Welcome to BrightSite by bright.net Internet Services
bright.net Anti-Virus Page
Navigation
Recent Entries
¤ "Fake Antivirus" - Removal Tool Now Available
¤ Scheduled Maintenance - Scam Message
¤ XP Antivirus 2008 - Trojan
¤ MSNBC Spam
¤ CNN Scam Mail
¤ View All
¤ Scheduled Maintenance - Scam Message
¤ XP Antivirus 2008 - Trojan
¤ MSNBC Spam
¤ CNN Scam Mail
¤ View All
Links
Antivirus Programs
¤ Avast Antivirus
¤ AVG - Free Anti-Virus
¤ Avira AntiVir
Information
¤ Syamantec Virus Info
¤ Unwantedlinks.com
¤ Virus Encyclopedia
¤ Virus Hoax
Misc/Patches
¤ Mozilla Firefox (Browser)
¤ Sasser Patch - 2000/XP
¤ Zobot Patch
Removal Tools
¤ Avast! Removal Tool
¤ Beagel Removal
¤ Mytob Removal Tool
¤ Netsky Fix Tool
¤ Sasser Removal Tool
¤ Sober (Choose version)
¤ Sober.C Removal (NEW)
¤ Sober.X Removal
¤ Stinger - Virus Removal Tool
¤ Virus Removal Tool List
¤ Virus Utilities
¤ Zobot Removal Tool
Spyware Removal
¤ Ad-Aware
¤ CW Shredder
¤ Hijackthis
¤ Malwarebytes
¤ SpyBot - Search & Destroy
¤ Windows Defender
¤ Avast Antivirus
¤ AVG - Free Anti-Virus
¤ Avira AntiVir
Information
¤ Syamantec Virus Info
¤ Unwantedlinks.com
¤ Virus Encyclopedia
¤ Virus Hoax
Misc/Patches
¤ Mozilla Firefox (Browser)
¤ Sasser Patch - 2000/XP
¤ Zobot Patch
Removal Tools
¤ Avast! Removal Tool
¤ Beagel Removal
¤ Mytob Removal Tool
¤ Netsky Fix Tool
¤ Sasser Removal Tool
¤ Sober (Choose version)
¤ Sober.C Removal (NEW)
¤ Sober.X Removal
¤ Stinger - Virus Removal Tool
¤ Virus Removal Tool List
¤ Virus Utilities
¤ Zobot Removal Tool
Spyware Removal
¤ Ad-Aware
¤ CW Shredder
¤ Hijackthis
¤ Malwarebytes
¤ SpyBot - Search & Destroy
¤ Windows Defender
Virus News
WORM_SOBER.AG
TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_SOBER.AG. TrendLabs has received several infection reports indicating that this malware is spreading in the USA, Belgium, Canada, Brazil, and New Zealand.
This memory-resident worm propagates by attaching a copy of itself to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine. Since it's email propagation does not require any user intervention, the user is often unaware that this worm is sending out email messages.
The email it sends out has the following details:
From: {Email address generated by this worm}
Subject: (any of the following)
• hi,_ive_a_new_mail_address
• Mail delivery failed
• Registration Confirmation
• smtp mail failed
• Spam: Registration Confirmation
• Your Password
• Your IP was logged
• Paris_Hilton_&_Nicole_Richie
• You visit illegal websites
Message body: (any of the following)
hey its me, my old address dont work at time. i dont know why?!
in the last days ive got some mails. i' think thaz your mails but im not sure!
plz read and check ...
cyaaaaaaa
---
This is an automatically generated Delivery Status Notification.
SMTP_Error []
I'm afraid I wasn't able to deliver your message.
This is a permanent error; I've given up. Sorry it didn't work out.
The full mail-text and header is attached
---
Account and Password Information are attached!
***** Go to: http://www.{random}.com
***** Email: {random}.com
---
Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.
Important:
Please answer our questions!
The list of questions are attached.
Yours faithfully,
Steven Allison
*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
*** phone: (202) 324-3000
---
Account and Password Information are attached! ---
The Simple Life:
View Paris Hilton & Nicole Richie video clips , pictures & more ;)
Download is free until Jan, 2006!
Please use our Download manager.
Attachment: (any of the following)
• mailtext.zip
• mail.zip
• reg_pass.zip
• mail.zip
• reg_pass-data.zip
• question_list.zip
• list.zip
• downloadm
• mail_body.zip
The attached .ZIP file contains the copy of this worm using the following file name:
File-packed_dataInfo.exe
When executed, it displays a fake error message box in order to trick a user into thinking that the file did not properly execute.
This worm searches the process list of the affected system for mrt.exe, the Microsoft Windows Malicious Software Removal Tool process. If found, it terminates the said process thus making the system more vulnerable to malicious attacks.
This memory-resident worm propagates by attaching a copy of itself to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine. Since it's email propagation does not require any user intervention, the user is often unaware that this worm is sending out email messages.
The email it sends out has the following details:
From: {Email address generated by this worm}
Subject: (any of the following)
• hi,_ive_a_new_mail_address
• Mail delivery failed
• Registration Confirmation
• smtp mail failed
• Spam: Registration Confirmation
• Your Password
• Your IP was logged
• Paris_Hilton_&_Nicole_Richie
• You visit illegal websites
Message body: (any of the following)
hey its me, my old address dont work at time. i dont know why?!
in the last days ive got some mails. i' think thaz your mails but im not sure!
plz read and check ...
cyaaaaaaa
---
This is an automatically generated Delivery Status Notification.
SMTP_Error []
I'm afraid I wasn't able to deliver your message.
This is a permanent error; I've given up. Sorry it didn't work out.
The full mail-text and header is attached
---
Account and Password Information are attached!
***** Go to: http://www.{random}.com
***** Email: {random}.com
---
Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.
Important:
Please answer our questions!
The list of questions are attached.
Yours faithfully,
Steven Allison
*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
*** phone: (202) 324-3000
---
Account and Password Information are attached! ---
The Simple Life:
View Paris Hilton & Nicole Richie video clips , pictures & more ;)
Download is free until Jan, 2006!
Please use our Download manager.
Attachment: (any of the following)
• mailtext.zip
• mail.zip
• reg_pass.zip
• mail.zip
• reg_pass-data.zip
• question_list.zip
• list.zip
• downloadm
• mail_body.zip
The attached .ZIP file contains the copy of this worm using the following file name:
File-packed_dataInfo.exe
When executed, it displays a fake error message box in order to trick a user into thinking that the file did not properly execute.
This worm searches the process list of the affected system for mrt.exe, the Microsoft Windows Malicious Software Removal Tool process. If found, it terminates the said process thus making the system more vulnerable to malicious attacks.
November 22nd, 2005
bright.net does not support nor endorse these programs but have found some of them helpful. Many of the programs and links found on this page are for third-party applications and are to be used at your own risk. Should you encounter problems with the tools, you may need to consult a computer technician for further assistance.