|
It never fails somehow it seems that whenever I am to be the Handler On Duty we have another little Smurf pop out of the closet. Today's little Smurf is Sober.R or Sober.Q or Worm_Sober.AC or ...., well you get the drift. (What's in a name anyway. ) However, I am pleased to say that the official CME has been released for this little fella'. Nothing to report there yet - says Not Currently Available. You'll have to keep checking back to see what the update brings. http://cme.mitre.org We do however believe that we are working with at least two different versions. FSecure has an interesting write up on this and is calling the second one a Dropper. Take a look at the info in F-Secures writeup. http://www.f-secure.com/v-descs/sober_s.shtml Our malware team is looking at the code as we speak. It appears that this one is picky about who is blessed to receive a copy. It appears to be a self mailer. Our malware team is hard at work attempting to identify evaluate this thing and will update us as soon as possible. It looks like the attachment name may have changed as well. The one that I just received had the attachment name regis.info.zip and appears to be according to the subject my "Registration Confirmation". The program is packed with some pretty nasty stuff. It looks like it may scan the hard drive to see what additional mischief it can create. It appears to create a file services.exe and sets itself up to run in the registry. We will keep you updated on any additional info that we get on this. |
Deborah 278 Posts ISC Handler |
| Subscribe |
Oct 6th 2005 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!
