|
 |
|
Sober.N
|
|
|
First Report:
|
2005-04-01 05:04
|
|
Last Update:
|
2005-05-08 23:36
|
|
|
Risk Rating:
|
Low Risk
|
|
|
Aliases:
|
CME-414
Email-Worm.Win32.Sober.o
Email-Worm.Win32.VB.aj
Sober.N
W32.Sober.N@mm
W32/Sober
W32/Sober-M
W32/Sober.N@mm
W32/Sober.o@MM
W32/Sober.o@MM!M414
Win32.Sober.M
Win32/Sober.M!Worm
Win32/Sober.M@mm
WORM_SOBER.N
|
|
|
|
Information From AntiVirus Vendors
|
|
|
|
|
Below you will find virus information from different antivirus vendors included in this Secunia Virus Profile. Information about the virus along with links to removal tools will be listed below when available.
The information provided is sorted by the date on which the information first became publicy available on the antivirus vendors' websites. The earliest available reports are displayed first. Please note timestamps are in GMT+1.
|
|
|
#1 - SYMANTEC
|
| |
|
|
W32.Sober.N@mm
|
Severity:
2/5
|
File Size:
73,541 bytes
|
| |
|
|
Reported:
2005-04-01 05:04
|
Last Update:
2005-04-21 23:40
|
| |
Description:
W32.Sober.N@mm is a mass-mailing worm that uses its own SMTP engine to spread. It sends itself as an email attachment to addresses gathered from the compromised computer. The email may be in either English or German.
|
| |
|
Full Report From Vendor
Removal Tool/Instructions
View/Hide ChangeLog
|
|
ChangeLog:
|
|
|
Changes are listed in chronological order with the latest changes first.
|
|
| |
|
|
2005-04-21 23:40
|
Description was changed.
New:
"W32.Sober.N@mm is a mass-mailing worm that
uses its own SMTP engine to spread. It sends
itself as an email attachment to addresses
gathered from the compromised computer. The
email may be in either English or German. "
Old:
"W32.Sober.N@mm is a mass-mailing worm that
uses its own SMTP engine to spread. It sends
itself as an email attachment to addresses
gathered from the compromised computer. The
email may be in either English or German."
|
| |
|
|
2005-04-21 23:40
|
Updated information about removal tool/instructions.
|
| |
|
|
2005-04-19 23:40
|
Name was changed.
New:
"W32.Sober.N@mm"
Old:
"Trojan.Ascetic.B"
|
| |
|
|
2005-04-19 23:40
|
Description was changed.
New:
"W32.Sober.N@mm is a mass-mailing worm that
uses its own SMTP engine to spread. It sends
itself as an email attachment to addresses
gathered from the compromised computer. The
email may be in either English or German."
Old:
"Trojan.Ascetic.B uses its own SMTP engine to
send the email addresses that it finds on the
infected computer to some predefined email
addresses. The email address of the sender is
spoofed. The subject is randomly generated
text. "
|
| |
|
|
2005-04-19 23:40
|
File size was changed.
New:
"73,541 bytes"
Old:
"N/A"
|
| |
|
|
2005-04-02 05:44
|
Description was changed.
New:
"Trojan.Ascetic.B uses its own SMTP engine to
send the email addresses that it finds on the
infected computer to some predefined email
addresses. The email address of the sender is
spoofed. The subject is randomly generated
text. "
Old:
"Trojan.Ascetic.B uses its own SMTP engine to
send the email addresses that it finds on the
infected computer to some predefined email
addresses. The email address of the sender is
spoofed. The subject is randomly generated
text."
|
| |
|
|
2005-04-02 04:20
|
Name was changed.
New:
"Trojan.Ascetic.B"
Old:
"W32.Sober.N@mm"
|
| |
|
|
2005-04-02 04:20
|
Description was changed.
New:
"Trojan.Ascetic.B uses its own SMTP engine to
send the email addresses that it finds on the
infected computer to some predefined email
addresses. The email address of the sender is
spoofed. The subject is randomly generated
text."
Old:
"W32.Sober.N@mm is a mass-mailing worm that
uses its own SMTP engine to send itself to
addresses gathered from the compromised
computer. The email will be in either English
or German."
|
|
|
|
|
|
#2 - SYMANTEC
|
| |
|
|
W32.Sober.N@mm
|
Severity:
2/5
|
File Size:
73,541 bytes
|
| |
|
|
Reported:
2005-04-02 02:40
|
Last Update:
2005-04-21 23:40
|
| |
Description:
W32.Sober.N@mm is a mass-mailing worm that uses its own SMTP engine to spread. It sends itself as an email attachment to addresses gathered from the compromised computer. The email may be in either English or German.
|
| |
|
Full Report From Vendor
Removal Tool/Instructions
View/Hide ChangeLog
|
|
ChangeLog:
|
|
|
Changes are listed in chronological order with the latest changes first.
|
|
| |
|
|
2005-04-21 23:40
|
Description was changed.
New:
"W32.Sober.N@mm is a mass-mailing worm that
uses its own SMTP engine to spread. It sends
itself as an email attachment to addresses
gathered from the compromised computer. The
email may be in either English or German. "
Old:
"W32.Sober.N@mm is a mass-mailing worm that
uses its own SMTP engine to spread. It sends
itself as an email attachment to addresses
gathered from the compromised computer. The
email may be in either English or German."
|
| |
|
|
2005-04-21 23:40
|
Updated information about removal tool/instructions.
|
| |
|
|
2005-04-19 23:40
|
Name was changed.
New:
"W32.Sober.N@mm"
Old:
"Trojan.Ascetic.B"
|
| |
|
|
2005-04-19 23:40
|
Description was changed.
New:
"W32.Sober.N@mm is a mass-mailing worm that
uses its own SMTP engine to spread. It sends
itself as an email attachment to addresses
gathered from the compromised computer. The
email may be in either English or German."
Old:
"Trojan.Ascetic.B uses its own SMTP engine to
send the email addresses that it finds on the
infected computer to some predefined email
addresses. The email address of the sender is
spoofed. The subject is randomly generated
text. "
|
| |
|
|
2005-04-19 23:40
|
File size was changed.
New:
"73,541 bytes"
Old:
"N/A"
|
| |
|
|
2005-04-02 05:00
|
Description was changed.
New:
"Trojan.Ascetic.B uses its own SMTP engine to
send the email addresses that it finds on the
infected computer to some predefined email
addresses. The email address of the sender is
spoofed. The subject is randomly generated
text. "
Old:
"Trojan.Ascetic.B uses its own SMTP engine to
send the email addresses that it finds on the
infected computer to some predefined email
addresses. The email address of the sender is
spoofed. The subject is randomly generated
text."
|
|
|
|
|
|
#3 - SOPHOS
|
| |
|
|
W32/Sober-M
|
Severity:
2/5
|
File Size:
-
|
| |
|
|
Reported:
2005-04-19 04:23
|
Last Update:
2005-05-04 23:44
|
| |
Description:
|
| |
|
Full Report From Vendor
|
|
|
#4 - MCAFEE
|
| |
|
|
W32/Sober.o@MM!M414
|
Severity:
2/7
|
File Size:
73,541 bytes
|
| |
|
|
Reported:
2005-04-19 05:47
|
Last Update:
2005-04-21 23:42
|
| |
Description:
This mass-mailing worm arrives in an email messages that is designed to trick users into thinking that someone else is receiving their email. It arrives in a message as follows:
|
| |
|
Full Report From Vendor
View/Hide ChangeLog
|
|
ChangeLog:
|
|
|
Changes are listed in chronological order with the latest changes first.
|
|
| |
|
|
2005-04-21 20:42
|
Name was changed.
New:
"W32/Sober.o@MM!M414"
Old:
"W32/Sober.o@MM"
|
| |
|
|
2005-04-19 06:27
|
Description was changed.
New:
"This mass-mailing worm arrives in an email
messages that is designed to trick users into
thinking that someone else is receiving their
email. It arrives in a message as follows:"
Old:
"AVERT is currently analyzing this threat.
Details will be posted shortly."
|
| |
|
|
2005-04-19 05:57
|
Description was changed.
New:
"AVERT is currently analyzing this threat.
Details will be posted shortly."
Old:
"AVERT is currently analyzing this threat.
Details will be posted shortly. Top of Page"
|
|
|
|
|
|
#5 - TREND MICRO
|
| |
|
|
WORM_SOBER.N
|
Severity:
1/3
|
File Size:
-
|
| |
|
|
Reported:
2005-04-19 06:02
|
Last Update:
2005-05-08 23:36
|
| |
Description:
|
| |
|
Full Report From Vendor
|
|
|
#6 - F-SECURE
|
| |
|
|
Sober.N
|
Severity:
2/3
|
File Size:
73541
|
| |
|
|
Reported:
2005-04-19 06:35
|
Last Update:
2005-04-20 09:45
|
| |
Description:
Sober.N email worm was found on 19th of April, 2005. It sends itself as an attachment in e-mail messages with English or German texts.
|
| |
|
Full Report From Vendor
View/Hide ChangeLog
|
|
ChangeLog:
|
|
|
Changes are listed in chronological order with the latest changes first.
|
|
| |
|
|
2005-04-19 10:31
|
Severity was raised from N/A to 2/3.
|
|
|
|
|
|
#7 - COMPUTER ASSOCIATES
|
| |
|
|
Win32.Sober.M
|
Severity:
-
|
File Size:
-
|
| |
|
|
Reported:
2005-04-19 07:37
|
Last Update:
2005-04-26 23:46
|
| |
Description:
|
| |
|
Full Report From Vendor
|
|
|
Please note: The information that this Secunia Virus Profile is based on comes from a third party unless stated otherwise.
The grouping process is done completely automatically, therefore minor inconsistencies may occur. For more information about Secunia Virus Information, please read: About Virus Information.
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
