Alias:Sober.M, Backdoor Trojan
Type:Worm 
Size:45.222 bytes (packed) 
Origin: 
Date:03-07-2005 
Damage: 
VDF Version:6.30.00.19 
Danger:Low 
Distribution:Medium 

General DescriptionAffected platforms:
* Windows 95
* Windows 98
* Windows ME
* Windows NT
* Windows 2000
* Windows XP
* Windows Server 2003

DistributionThe virus sends itself using itsown SMTP engine with english and german texts. The attachment is a ZIP archive which contains an EXE file.

-SUBJECT:
ich habe ihre e-mail bekommen !

-BODY:
Hallo,

jemand schickt ihre privaten Mails auf meinem Account.

Ich schaetze mal, das es ein Fehler vom Provider ist.

Insgesamt waren es jetzt schon 6 Mails!

Ich habe alle Mail-Texte im Texteditor kopiert und gezippt.

Wenn es doch kein Fehler vom Provider ist, sorge dafuer das diese Dinger nicht mehr auf meinem Account landen, es Nervt naemlich.

-ATTACHMENT:
Mailtexte.zip


The english version appears like this:

-SUBJECT:
your password + accountnumber !

-BODY:
hi,

i've got an admin mail with a Password and Account info!

but the mail recipient are you! it's probably an esmtp error, i think.

i've copied the full mail text in the Windows text-editor & zipped.

ok, cya...

-ATTACHMENT:
Acc_text.zip

Technical DetailsIf Worm/Sober.L is executed, it copies itself in the following locations:
<%windir%>\msagent\system\smss.exe
<%windir%>\msagent\system\zipzip.zab

and creates the following entry in the Windows Registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft \Windows\CurrentVersion\Run\
"Services.dll"="<%windir%>\Ssagent\System\smss.exe"
Description inserted by Crony Walker on dinsdag 15 juni 2004

Terug . . . .

© 2013 Avira Operations GmbH & Co. KG. Alle rechten voorbehouden.

Mijn Account

https:// Dit venster is voor uw veiligheid gecodeerd.