FYI: AVERT Medium Threat Advisory: W32/Sober.r@MM -- The latest McAfee DAT is v4599

[David H. Lipman]

"AVERT Medium Threat Advisory: W32/Sober.r@MM

Advisory
This is a Medium Threat Advisory for W32/Sober.r@MM.

Justification
W32/Sober.r@MM has been deemed Medium due to prevalence.

Read About It
Information about W32/Sober.r@MM is located on VIL at:
http://vil.nai.com/vil/content/v_136390.htm

Detection
W32/Sober.r@MM was first discovered on October 5, 2005 and detection will be
added to the 4598 dat files (Release Date: October 5, 2005). The EXTRA.DAT IS
AVAILABLE.

If you suspect you have W32/Sober.r@MM, please submit a sample to
http://www.webimmune.net.

Risk Assessment Definition
For further information on the Risk Assessment and AVERT Recommended Actions
please see:
http://www.mcafeesecurity.com/us/security/resources/risk_assessment.htm

Best Regards,

McAfee AVERT - Anti Virus and Vulnerability Research, Analysis, and
Solutions visit us at www.avertlabs.com "

 

[Gabriele Neukam]

On that special day, David H. Lipman, ([email protected])
said...

If you suspect you have W32/Sober.r@MM, please submit a sample to
http://www.webimmune.net.

Suspect? It was in a mail, titled "Bcc Ich habe Ihre Mail erhalten!" in
my inbox today. Supposedly I had sent a photo to the wrong person,
which sent it back (as if I had lost it). I had to ask Virustotal for
identification. Perhaps I should update my AVG a second time today.

(Checks with new definitions)
"Virus found!" (Sober.T) Ok, danger is identified, system is fine.


Gabriele Neukam

(e-mail address removed)

 

[Fitz]

Yeah...I got this one today too. Symantec CE caught and deleted it. The
mail subject was something about a password change. NOT!

***

 

[louise]

"AVERT Medium Threat Advisory: W32/Sober.r@MM

Advisory
This is a Medium Threat Advisory for W32/Sober.r@MM.

Justification
W32/Sober.r@MM has been deemed Medium due to prevalence.

Read About It
Information about W32/Sober.r@MM is located on VIL at:
http://vil.nai.com/vil/content/v_136390.htm

Detection
W32/Sober.r@MM was first discovered on October 5, 2005 and detection will be
added to the 4598 dat files (Release Date: October 5, 2005). The EXTRA.DAT IS
AVAILABLE.

If you suspect you have W32/Sober.r@MM, please submit a sample to
http://www.webimmune.net.

Risk Assessment Definition
For further information on the Risk Assessment and AVERT Recommended Actions
please see:
http://www.mcafeesecurity.com/us/security/resources/risk_assessment.htm

Best Regards,

McAfee AVERT - Anti Virus and Vulnerability Research, Analysis, and
Solutions visit us at www.avertlabs.com "

Thanks for posting this. I just went onto my NOD32, which is set
to automatically update. I manually updated and lo and behold,
there was an update which had not been automatically downloaded as
yet.

Louise

 

[David H. Lipman]

From: "louise" <[email protected]>


| Thanks for posting this. I just went onto my NOD32, which is set
| to automatically update. I manually updated and lo and behold,
| there was an update which had not been automatically downloaded as
| yet.
|
| Louise

You're welcome ;-)

 

[Ian Kenefick]

Thanks for posting this. I just went onto my NOD32, which is set
to automatically update. I manually updated and lo and behold,
there was an update which had not been automatically downloaded as
yet.

NOD32 detected this as 'probably a variant of Win32/Sober'. It did not
require an update.