Tuesday, November 15, 2005

Sober strikes twice in a row

Tettnang, 15 November 2005 - H+BEDV urgently warns all users of the operating systems Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000, Windows XP and Windows Server 2003 about variants W and X of the dropper DR/Sober. The new Sober descendants have been spreading through spam lists since this morning. The infection rate is alarmingly high.

The emails infected with the dropper W are extremely dangerous, as they can arrive in your inbox in English and in German. All emails have the following appearance:

Subject line: Your email
Message text: hello, sorry, sorry sorry,
because, my english is not the best! ok, i've got an email with an
excel-table. but i am not the recipient, the recipient are you! i think,
it's an mail error! ok, here is your table back!
Attachment: excel_table.zip

Or in German:

Subject line: Ihre eMail!
Message text: Guten Tag,
jemand schickte mir eine Mail mit einer Excel oder Access Tabelle (kenne mich da nicht so aus!).
Jedenfalls ist diese Mail aber an ihre Mail Adresse adressiert, aber zu meiner gekommen??? Ist wohl irgendein Fehler.
Ok, hier haben Sie sie wieder zurueck!
Attachment: excel_table.zip

If the user clicks on the attachment of the dropper Sober.W, the file HJGERHDS.EXE with a size of 134.176 bytes is created and started on the computer. Afterwards, DR/Sober.W shows a fake Windows window:

Emails infected with Sober.X are characterized by the following English registration notice:

Subject line: Thanks for your registration
Message text: Thanks for your registration!
We have received your payment.
Attachment: reg_text.zip

As soon as the user activates the attachment of Sober.X, the file HJGERHDS.EXE with 127.888 bytes is created and started on the PC. Afterwards, DR/Sober.X also shows a fake window:

The security specialists from H+BEDV recommend that all computer users immediately delete emails matching these detection patterns and update the virus protection on their PCs. For this purpose, H+BEDV has already provided several updates this morning at 7:00 a.m. for all business users as well as private users.

The current version of the virus protection software as well as a detailed virus description can be downloaded from www.hbedv.com. Private users can also effectively protect themselves against the unwanted visitor. The new AntiVir PersonalEdition Premium offers detailed protection for the private PC available at www.antivir-pe.de.

About H+BEDV Datentechnik

H+BEDV Datentechnik GmbH has specialized in developing cross-system business security solutions since 1988. Its clients include leading national and international enterprises, both for-profit and non-profit, as well as various educational institutions and public entities.

In addition to its extensive product portfolio for Microsoft Windows systems, the company is a growing technological leader in the growth market for Linux operating systems. H+BEDV Datentechnik GmbH already offers high-performance solutions for file servers, Web servers, mail servers and workstations.

The AntiVir scanner was again awarded the Virus Bulletin 100% Award in 2005 and has a current certification by the German quality assurance authority TÜV.

In addition to its own distribution channels, H+BEDV Datentechnik GmbH has a comprehensive network of resellers in Europe and throughout the world. The company also works closely with the German Federal Office for Information Security (BSI).

Company Contact:

Adela Kohl/Gernot Hacker
H+BEDV Datentechnik GmbH
Lindauer Str. 21
D-88069 Tettnang
Telephone: +49 (0) 7542-500 284
Fax: +49 (0) 7542-525 10
Email: presse@antivir.de

Press Contact:

Jacklin Montag
Lewis Communications GmbH
Baierbrunner Strasse 15
D-81379 München
Telephone: +49 (0) 89 1730 19 19
Fax: +49 (0) 89 1730 19 99
Email: antivir@lewispr.com
