|
 |
|
Sober.X
|
|
|
First Report:
|
2005-11-19 18:34
|
|
Last Update:
|
2005-12-21 23:33
|
|
|
Risk Rating:
|
High Risk
|
|
|
Aliases:
|
CME-681
Email-Worm.Win32.Sober.y
Sober.AH
Sober.Y
W32.Sober.X@mm
W32/Sober
W32/Sober-Z
W32/Sober-{X
W32/Sober.AA@mm
W32/Sober.AH.worm
W32/Sober.Y@mm
W32/Sober@MM!CME-681
W32/Sober@MM!M681
Win32.Sober.W
Win32/Sober.W!Worm
WORM_SOBER.AG
Z}
|
|
|
Virus Alerts:
|
Secunia issued a HIGH RISK alert for this virus.
2005-11-23 11:46
Secunia issued a MEDIUM RISK alert for this virus.
2005-11-22 16:24
|
|
|
Information From AntiVirus Vendors
|
|
|
|
|
Below you will find virus information from different antivirus vendors included in this Secunia Virus Profile. Information about the virus along with links to removal tools will be listed below when available.
The information provided is sorted by the date on which the information first became publicy available on the antivirus vendors' websites. The earliest available reports are displayed first. Please note timestamps are in GMT+1.
|
|
|
#1 - SYMANTEC
|
| |
|
|
W32.Sober.X@mm
|
Severity:
3/5
|
File Size:
55,390 bytes
|
| |
|
|
Reported:
2005-11-19 18:34
|
Last Update:
2005-12-13 23:34
|
| |
Description:
W32.Sober.X@mm is a mass-mailing worm that uses its own SMTP engine to spread and lowers security settings. It sends itself as an email attachment to addresses gathered from the compromised computer. The email may be in either English or German.
|
| |
|
Full Report From Vendor
Removal Tool/Instructions
View/Hide ChangeLog
|
|
ChangeLog:
|
|
|
Changes are listed in chronological order with the latest changes first.
|
|
| |
|
|
2005-12-13 23:34
|
Description was changed.
New:
"W32.Sober.X@mm is a mass-mailing worm that
uses its own SMTP engine to spread and lowers
security settings. It sends itself as an
email attachment to addresses gathered from
the compromised computer. The email may be in
either English or German."
Old:
"W32.Sober.X@mm is a mass-mailing worm that
uses its own SMTP engine to spread and lowers
security settings. It sends itself as an
email attachment to addresses gathered from
the compromised computer. The email may be in
either English or German. Note: Symantec
products that support the Worm Blocking
functionality automatically detect this
threat as it attempts to spread. "
|
| |
|
|
2005-11-24 23:50
|
Description was changed.
New:
"W32.Sober.X@mm is a mass-mailing worm that
uses its own SMTP engine to spread and lowers
security settings. It sends itself as an
email attachment to addresses gathered from
the compromised computer. The email may be in
either English or German. Note: Symantec
products that support the Worm Blocking
functionality automatically detect this
threat as it attempts to spread. "
Old:
"W32.Sober.X@mm is a mass-mailing worm that
uses its own SMTP engine to spread and lowers
security settings. It sends itself as an
email attachment to addresses gathered from
the compromised computer. The email may be in
either English or German. "
|
| |
|
|
2005-11-23 23:50
|
Description was changed.
New:
"W32.Sober.X@mm is a mass-mailing worm that
uses its own SMTP engine to spread and lowers
security settings. It sends itself as an
email attachment to addresses gathered from
the compromised computer. The email may be in
either English or German. "
Old:
"W32.Sober.X@mm is a mass-mailing worm that
uses its own SMTP engine to spread and lowers
security settings. It sends itself as an
email attachment to addresses gathered from
the compromised computer. The email may be in
either English or German."
|
| |
|
|
2005-11-23 23:50
|
Updated information about removal tool/instructions.
|
| |
|
|
2005-11-22 23:50
|
Description was changed.
New:
"W32.Sober.X@mm is a mass-mailing worm that
uses its own SMTP engine to spread and lowers
security settings. It sends itself as an
email attachment to addresses gathered from
the compromised computer. The email may be in
either English or German."
Old:
"W32.Sober.X@mm is a mass-mailing worm that
uses its own SMTP engine to spread. It sends
itself as an email attachment to addresses
gathered from the compromised computer. The
email may be in either English or German."
|
| |
|
|
2005-11-22 15:44
|
Severity was raised from 2/5 to 3/5.
|
|
|
|
|
|
#3 - F-SECURE
|
| |
|
|
Sober.Y
|
Severity:
3/3
|
File Size:
-
|
| |
|
|
Reported:
2005-11-22 11:31
|
Last Update:
2005-12-12 23:41
|
| |
Description:
The Sober.Y worm was found on November 16th, 2005, however it became widespread only on November 21st. This Sober variant is similar to both Sober.K, that appeared on February 21st, 2005 and the latest variants that appeared in the middle of November 2005:
|
| |
|
Full Report From Vendor
View/Hide ChangeLog
|
|
ChangeLog:
|
|
|
Changes are listed in chronological order with the latest changes first.
|
|
| |
|
|
2005-11-23 11:31
|
Severity was raised from 2/3 to 3/3.
|
| |
|
|
2005-11-22 11:51
|
Severity was raised from N/A to 2/3.
|
| |
|
|
2005-11-22 11:41
|
Severity was decreased from 2/3 to N/A.
|
| |
|
|
2005-11-22 11:41
|
Severity was raised from N/A to 2/3.
|
|
|
|
|
|
#4 - PANDA ANTIVIRUS
|
| |
|
|
Sober.AH
|
Severity:
3/4
|
File Size:
-
|
| |
|
|
Reported:
2005-11-22 12:38
|
Last Update:
2005-12-21 23:33
|
| |
Description:
It ends several processes belonging to some security tools, among others and displays a fake error when it is run. It spreads via email in a message written in English or German.
|
| |
|
Full Report From Vendor
|
|
|
#5 - MCAFEE
|
| |
|
|
W32/Sober@MM!M681
|
Severity:
4/7
|
File Size:
-
|
| |
|
|
Reported:
2005-11-22 15:17
|
Last Update:
2005-12-08 23:42
|
| |
Description:
The risk assessment of this threat has been upgraded to Medium due to the amount of spam emails being sent which include copies of this virus. Mcafee customers have been protected since the 4629 dat files released on November 16th , which detected th...
|
| |
|
Full Report From Vendor
Removal Tool/Instructions
View/Hide ChangeLog
|
|
ChangeLog:
|
|
|
Changes are listed in chronological order with the latest changes first.
|
|
| |
|
|
2005-11-24 19:42
|
Description was changed.
New:
"The risk assessment of this threat has been
upgraded to Medium due to the amount of spam
emails being sent which include copies of
this virus. Mcafee customers have been
protected since the 4629 dat files released
on November 16th , which detected th..."
Old:
"The risk assessment of this threat has been
upgraded to Medium due to the amount of spam
being seen from this variant, Mcafee
customers have been protected since the 4629
dat files released on November 16th , which
detected this as W32/Sober.gen@MM. ..."
|
| |
|
|
2005-11-23 22:47
|
Updated information about removal tool/instructions.
|
| |
|
|
2005-11-23 01:17
|
Severity was raised from 2/7 to 4/7.
|
| |
|
|
2005-11-23 01:17
|
Description was changed.
New:
"The risk assessment of this threat has been
upgraded to Medium due to the amount of spam
being seen from this variant, Mcafee
customers have been protected since the 4629
dat files released on November 16th , which
detected this as W32/Sober.gen@MM. ..."
Old:
"This threat is proactively detected as
W32/Sober.gen@MM with the 4629 DATs or
greater (release date Nov 16th 2005).
Specific named detection as W32/Sober@MM!M681
(to reflect the assigned CME ID number) will
be added to the 4635 DATs."
|
|
|
|
|
|
#6 - TREND MICRO
|
| |
|
|
WORM_SOBER.AG
|
Severity:
2/3
|
File Size:
-
|
| |
|
|
Reported:
2005-11-25 09:24
|
Last Update:
2005-12-09 23:42
|
| |
Description:
|
| |
|
Full Report From Vendor
|
|
|
Please note: The information that this Secunia Virus Profile is based on comes from a third party unless stated otherwise.
The grouping process is done completely automatically, therefore minor inconsistencies may occur. For more information about Secunia Virus Information, please read: About Virus Information.
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
