|
 |
|
Sober.K
|
|
|
First Report:
|
2005-02-21 08:00
|
|
Last Update:
|
2005-03-21 23:18
|
|
|
Risk Rating:
|
Low Risk
|
|
|
Aliases:
|
Email-Worm.Win32.Sober.k
Sober.K
Sober.M
W32.Sober.K@mm
W32/Sober
W32/Sober-K
W32/Sober.K@mm
W32/Sober.l@MM
W32/Sober.M.worm
W32/Sober.M@mm
Win32.Sober.K
Win32.Sober.K!ZIP
Win32/Sober.K.Worm
Win32/Sober.K@mm
WORM_SOBER.K
|
|
|
|
Information From AntiVirus Vendors
|
|
|
|
|
Below you will find virus information from different antivirus vendors included in this Secunia Virus Profile. Information about the virus along with links to removal tools will be listed below when available.
The information provided is sorted by the date on which the information first became publicy available on the antivirus vendors' websites. The earliest available reports are displayed first. Please note timestamps are in GMT+1.
|
|
|
#1 - F-SECURE
|
| |
|
|
Sober.K
|
Severity:
-
|
File Size:
-
|
| |
|
|
Reported:
2005-02-21 08:00
|
Last Update:
2005-02-23 16:45
|
| |
Description:
Sober.K worm was seeded in e-mails on 21st of February 2005. It is quite similar to the previous variants. Sober.K sends itself as an attachment in e-mail messages with English or German texts.
|
| |
|
Full Report From Vendor
|
|
|
#2 - COMPUTER ASSOCIATES
|
| |
|
|
Win32.Sober.K
|
Severity:
-
|
File Size:
-
|
| |
|
|
Reported:
2005-02-21 08:22
|
Last Update:
2005-03-16 23:37
|
| |
Description:
|
| |
|
Full Report From Vendor
View/Hide ChangeLog
|
|
ChangeLog:
|
|
|
Changes are listed in chronological order with the latest changes first.
|
|
| |
|
|
2005-03-01 23:42
|
Severity was decreased from 2/5 to N/A.
|
| |
|
|
2005-03-01 23:42
|
Description was changed.
New:
"N/A"
Old:
"Win32.Sober.K is a worm that spreads via
e-mail, attached to messages that can be
either in English or German. The worm has
been distributed as a 51,918-byte ZIP archive
that contains a 51,688-byte Win32 executable.
When executed, Sober.K copies itself to the
%Windows%\Msagent\Win32 directory with the
following filenames:"
|
| |
|
|
2005-03-01 23:42
|
File size was changed.
New:
"N/A"
Old:
"51,918"
|
| |
|
|
2005-02-24 07:42
|
Severity was raised from N/A to 2/5.
|
| |
|
|
2005-02-24 07:42
|
Description was changed.
New:
"Win32.Sober.K is a worm that spreads via
e-mail, attached to messages that can be
either in English or German. The worm has
been distributed as a 51,918-byte ZIP archive
that contains a 51,688-byte Win32 executable.
When executed, Sober.K copies itself to the
%Windows%\Msagent\Win32 directory with the
following filenames:"
Old:
"This malware is detected by eTrust Antivirus
solutions. Please see above for the relevant
signature updates. This malware is being
dissected by the CA Security Advisory Team -
a detailed analysis will be available
shortly."
|
| |
|
|
2005-02-24 07:42
|
File size was changed.
New:
"51,918"
Old:
"N/A"
|
| |
|
|
2005-02-21 08:37
|
Description was changed.
New:
"This malware is detected by eTrust Antivirus
solutions. Please see above for the relevant
signature updates. This malware is being
dissected by the CA Security Advisory Team -
a detailed analysis will be available
shortly."
Old:
"N/A"
|
|
|
|
|
|
#3 - SOPHOS
|
| |
|
|
W32/Sober-K
|
Severity:
2/5
|
File Size:
-
|
| |
|
|
Reported:
2005-02-21 09:08
|
Last Update:
2005-03-07 23:39
|
| |
Description:
|
| |
|
Full Report From Vendor
|
|
|
#4 - SYMANTEC
|
| |
|
|
W32.Sober.K@mm
|
Severity:
2/5
|
File Size:
-
|
| |
|
|
Reported:
2005-02-21 09:34
|
Last Update:
2005-02-21 18:50
|
| |
Description:
W32.Sober.K@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses gathered from a compromised computer. The email will be in either English or German.
|
| |
|
Full Report From Vendor
View/Hide ChangeLog
|
|
ChangeLog:
|
|
|
Changes are listed in chronological order with the latest changes first.
|
|
| |
|
|
2005-02-21 15:50
|
Description was changed.
New:
"W32.Sober.K@mm is a mass-mailing worm that
uses its own SMTP engine to send itself to
email addresses gathered from a compromised
computer. The email will be in either English
or German."
Old:
"W32.Sober.K@mm is a mass-mailing worm that
uses its own SMTP engine to spread itself.
The subject of the email varies, and it will
be in either English or German"
|
|
|
|
|
|
#5 - TREND MICRO
|
| |
|
|
WORM_SOBER.K
|
Severity:
1/3
|
File Size:
-
|
| |
|
|
Reported:
2005-02-21 10:35
|
Last Update:
2005-03-21 23:18
|
| |
Description:
|
| |
|
Full Report From Vendor
|
|
|
#6 - MCAFEE
|
| |
|
|
W32/Sober.l@MM
|
Severity:
2/7
|
File Size:
-
|
| |
|
|
Reported:
2005-02-21 12:02
|
Last Update:
2005-02-21 14:27
|
| |
Description:
This new variant, which is written in VB bears the following characteristics:
|
| |
|
Full Report From Vendor
|
|
|
#7 - PANDA ANTIVIRUS
|
| |
|
|
Sober.M
|
Severity:
2/4
|
File Size:
-
|
| |
|
|
Reported:
2005-02-21 14:13
|
Last Update:
2005-02-23 18:43
|
| |
Description:
It spreads via e-mail in a message written in English or German.
|
| |
|
Full Report From Vendor
|
|
|
Please note: The information that this Secunia Virus Profile is based on comes from a third party unless stated otherwise.
The grouping process is done completely automatically, therefore minor inconsistencies may occur. For more information about Secunia Virus Information, please read: About Virus Information.
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
