Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » W32/Sober.C@mm

Overview

Threat Risk LOW LOW
Destructivity NONE NONE
Payload
Detection files published 19 Dec 2003 03:00:00
Description created 22 Dec 2003 06:18:00
Description updated 10 Mar 2004 06:18:00
Malware type WORM
Alias
Spreading mechanism EMAIL
Summary None

W32/Sober.C@mm

Spreading

The worm spreads over email using email addresses picked from several sources on the infected computer - including TXT and HTM files, emails and contact lists.
Email addresses are stored in %System%\Savesyss.dll
The emails are composed semi-randomly, based on a set of word lists and conditions. Emails may be generated in either German or English.
Possible German subjects: Betr: Klassentreffen
Testen Sie ihren IQ
Bankverbindungs- Daten
Neuer Dialer Patch!
Ermittlungsverfahren wurde eingeleitet
Ihre IP wurde geloggt
Sie sind ein Raubkopierer
Sie tauschen illegal Dateien aus
Ich hasse dich
Ich zeige sie an!
Sie Drohen mir!!
Anime, Pokemon, Manga, Handy ...
Anmeldebestõtigung
Neu! Legales Filesharing
Umfrage: Rente erst mit 80!
du wirst ausspioniert
Ein Trojaner ist auf Ihrem Rechner!
Du hast einen Trojaner drauf!
Hi, Ich bin’s
Possible English subjects: ups, i’ve got your mail
Sorry, that’s your mail
hi, its me
Thank You very very much
you are an idiot
why me?
I hate you
Preliminary investigation were started
Your IP was logged
You use illegal File Sharing ...
A Trojan horse is on your PC
a trojan is on your computer!
Anime, Pokemon, Manga, ...
Possible German Attachments: Klassenfoto.*
www.iq4you-german-test.com
BaB.*
www.freewantiv.com
SysDial-patch.*
txt.*
haha_sehr_witzig.
DrohMails.*
RTL-DSDS-anmelde.*
www.free4manga.com
www.free4share4you.com
www.tagespolitik-umfragen.com
meld dich einfach.*
test.*
alledigis.*
Possible English Attachments: yourmail.*
txt.*
doc.*
test.*
photos.*
reward.*
youtoo.*
www.onlinegamerspro-worm.com
downloader.exe
www.freegames4you-gzone.com
painfulness.*
terror-list.*
www.boards4all-terror432.com
yourregistration.*
letters.*
www.anime4allfree.com
mangaconection.*
www.animepage43252.com
Possible filename extensions: .com
.bat
.cmd
.pif
.scr
.exe

Payload Details

n/a

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:15