 |
Security News
The new variant of the worm/Sober.Q: H+BEDV warns of mass emails
Thu, 06 October 2005
Tettnang, 6 October 2005 – The antivirus specialists of H+BEDV Datentechnik warns all the users of a ZIP-archive called “pword change.zip” or “ KlassenFoto.zip that can be found as attachment in the infected email. This new version of the Worm/Sober.Q has been spread in large quantities during last night.
Exactly the way its predecessors did this new form of worm/Sober.Q has its own SMTP- engine, he uses for searching certain file extensions for email addresses in the computer that have been infected. If he detects something then he will automatically send himself to that particular email addresses. Characteristic for this 113,551 Bytes worm is the fact that he asks different time servers about the current time in order to start its transmission routine. The users are very easily tempted to open the infected email since the subject of the email promises the addressee a new password or a photo of the class reunion.
If the exe-file is executed in a ZIP-file, then worm Sober.Q will show a fake pop-up window with the text: error in packed file and CRC header must be $7ff8.
These are the characteristics of the email:
Subject: Your new password
Body: Your password was successfully changed!
Please see the attached file for detailed information.
Attachment: pword_ change.zip
Or
Subject line: Fwd: class reunion
Mail text: I hope I finally caught the right person! I also attached some of our old class photos. You must write me back if you could find yourself in there!! Please accept my apologies for this annoyance if I got the wrong person again ;)
Kind regards: Name
File attachment: classphoto.zip
The security specialist of H+BEDV already reacted to the alert and provided its customers with several updates as from Thursday at 3:12 a.m. The current version of the antivirus software and the detailed virus description can be downloaded from www.hbedv.com. Moreover, even the private users are able to protect themselves from these uninvited guests. The new AntiVir PersonalEdition Premium that can be found at www.antivir-pe.de, already offers an extensive protection to home users.
About H+BEDV Datentechnik
H+BEDV Datentechnik GmbH is specialized in developing cross-system business security solutions since 1988. Its clients include leading national and international enterprises, both for-profit and non-profit, as well as various educational institutions and public entities.
In addition to its extensive product portfolio for Microsoft Windows systems, the company is a growing technological leader in the growth market for Linux operating systems. H+BEDV Datentechnik GmbH already offers high-performance solutions for file servers, Web servers, mail servers and workstations.
The AntiVir scanner was again awarded the Virus Bulletin 100% Award in 2005 and has a current certification by the German quality assurance authority TÜV.
In addition to its own distribution channels, H+BEDV Datentechnik GmbH has a comprehensive network of resellers in Europe and throughout the world. The company also works closely with the German Federal Office for Information Security (BSI).
Contact Person of H+BEDV:
Adela Kohl/Gernot Hacker
Address:
H+BEDV Datentechnik GmbH
Lindauer Str. 21
88069 Tettnang
Germany
Telephone: +49 (0) 7542-500 284
Telefax: +49 (0) 7542-525 10
Email:
Press Contact
LEWIS – Global Public Relations
Jacklin Montag
Baierbrunner Str. 15
81379 Munich
Germany
Tel: +49 89 1730 19 19
Fax: +49 89 17 30 19 99
Mail:
Web: http://www.lewispr.com
 Print this page
|
|
Virus threats 
.gif)
