
McAfee AVERT Raises Risk Assessment to Medium on New W32/Sober@MM!M681 Virus

(PRNewswire) November 23, 2005 -- McAfee, Inc., the leader in Intrusion Prevention and Risk Management solutions, today announced that McAfee(R) AVERT(TM) (Anti-virus and Vulnerability Emergency Response Team), the world-class research division of McAfee, Inc., raised the risk assessment to Medium on the recently discovered W32/Sober@MM!M681, also known as Sober!M681.

Sober!M681 is a prolific worm that spreads via email, sending itself to addresses found on a victim's machine. The worm arrives as a .zip file attached to e-mail and has many of the same functionalities as its Sober predecessors. The worm was first reported to McAfee AVERT researchers yesterday, and its risk assessment is being raised to medium today because the variant is generating an increased amount of spam. McAfee AVERT has received more than 300 reports of the virus in the wild from unique senders.

Threat Overview

Sober!M681 is a mass mailing threat that contains its own SMTP engine to construct outgoing messages, which are written in German or English, depending on the version of Windows. It harvests addresses from local files and then uses the harvested addresses to send itself. This produces a message with a spoofed From address. The attachment arrives in the form of a .zip file that contains an executable file. Users must manually extract the executable from the .zip file and run the attachment in order to be infected.
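A gateway-side check for the delivery format described above (a .zip attachment that contains an executable file), as an added example that is not part of the original release and not McAfee's detection logic. The extension list, function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as directly runnable on Windows (assumed list for this example).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def executable_members(zip_bytes):
    """Return names of zip members whose extension marks them as executable."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]
    except zipfile.BadZipFile:
        return []  # unreadable archive; a real gateway would decide this case by policy


def flag_message(raw_bytes):
    """Return (attachment, member) pairs for zip attachments holding executables."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(".zip"):
            data = part.get_payload(decode=True) or b""
            hits += [(name, member) for member in executable_members(data)]
    return hits


def build_sample(member_name):
    """Construct a test message: a zip attachment with one harmless text-only member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed placeholder, not a real program")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"    # constructed address
    msg["To"] = "recipient@example.com"   # constructed address
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="list.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(flag_message(build_sample("questions.exe")))
    print(flag_message(build_sample("questions.txt")))
```

The check relies on member file names only, so it complements signature-based scanning rather than replacing it.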

An example of a randomly generated English message is as follows:

Subject: Paris Hilton & Nicole Richie
Body: The Simple Life: View Paris Hilton & Nicole Richie video clips , pictures & more ;) Download is free until Jan, 2006! Please use our Download manager.

Subject: You visit illegal websites
Body: Dear Sir/Madam, we have logged your IP-address on more than 30 illegal Websites. Important: Please answer our questions! The list of questions are attached. Yours faithfully, Steven Allison *** Federal Bureau of Investigation -FBI- *** 935 Pennsylvania Avenue, NW, Room 3220 *** Washington, DC 20535 *** phone: (202) 324-3000

An example of a randomly generated German message is as follows:

Body: Glueckwunsch: Bei unserer EMail Auslosung hatten Sie und weitere neun Kandidaten Glueck. Sie sitzen demnaechst bei Guenther Jauch im Studio! Weitere Details ihrer Daten entnehmen Sie bitte dem Anhang. +++ RTL interactive GmbH +++ Geschaeftsfuehrung: Dr. Constantin Lange +++ Am Coloneum 1 +++ 50829 Koeln +++ Fon: +49(0) 221-780 0 oder

System Protection and Cure

More information on Sober!M681 and the cure for this worm can be found online at the McAfee AVERT site located at http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=137072 . McAfee customers have been protected since the 4629 DAT files released on November 16th, which detected the variant as W32/Sober.gen@MM.

McAfee AVERT is one of the top-ranked anti-virus and vulnerability research organizations in the world, employing researchers in thirteen countries on five continents. McAfee AVERT combines world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise from the McAfee IntruShield(R), McAfee Entercept(R) and McAfee Foundstone(R) Professional Services organizations. McAfee AVERT protects customers by providing cures that are developed through the combined efforts of McAfee AVERT researchers and McAfee AVERT AutoImmune technology, which applies advanced heuristics, generic detection, and ActiveDAT technology to generate cures for previously undiscovered viruses.
