New Sober worm poses as Microsoft patch

Tuesday, 9 March 2004, 1:54 AM EST

A new virus discovered Monday plays off fears generated by last week's wave of worms by masquerading as a patch from Microsoft that purportedly keeps MyDoom at bay.

Sober.d, also dubbed Roca.a by some security firms, arrives in an e-mail message with a subject that reads “Microsoft Alert: Please Read!” (The worm also comes in a German flavor, with a matching headline of “Microsoft Alarm: Bitte Lesen!”)

The message's text then goes on to urge the recipient to open the attached file, which can arrive either as an executable, or within a password-protected Zip archive. The attachment, claims the message, will protect the user's computer from a new variant of the MyDoom worm, and has other text that tries to pass itself off as coming from Microsoft. (Microsoft never e-mails security updates.)

At Techweb.

[ Read more ]

Related items




Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //