Virus: Sober.X (aka "Illegal Websites")
Status: Real.
Example: [Collected on the Internet, 2005]
Dear Sir/Madam, we have logged your IP-address on more than 30 illegal Websites. Important: Yours faithfully, ++++ Central Intelligence Agency -CIA- ++++ phone: (703) 482-0623

Dear Sir/Madam, we have logged your IP-address on more than 30 illegal Websites. Important: Yours faithfully, *** Federal Bureau of Investigation -FBI-
Origins: Like the earlier Sober.C mass-mailing worm which hit in 2003, this latest version (Sober.X) employs phony warning messages supposedly sent by law enforcement agencies which claim to be tracking illegal Internet activity. In this case, the messages purport to come from a "Steve Allison," an investigator with either the FBI or the CIA, and state that the recipient has visited "more than
Once it has infected a system, Sober.X may disable security and firewall programs, replicate itself by sending messages to contacts found in
Sober.X e-mails are sent out with a variety of subject lines:
- hi, ive a new mail address
- Mail delivery failed
- Paris Hilton & Nicole Richie
- Registration Confirmation
- smtp mail failed
- You visit illegal websites
- Your IP was logged
- Your Password
The FBI has placed an alert about these messages on its web site:
The e-mail appears to be sent from the e-mail addresses of mail@fbi.gov and admin@fbi.gov. There may be other similarly styled addresses. The recipient is enticed to open the zip attachment which contains a w32/sober.jen@mm worm. The attachment does not open and its goal is to utilize the recipient's computer to garner information. Secondly, the virus allows the
The FBI today warned the public to avoid falling victim to an on-going mass e-mail scheme wherein computer users received unsolicited e-mails purportedly sent by the FBI. These scam
Only Microsoft Windows platforms are vulnerable to Sober.X.
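The subject lines, sender addresses and zip attachment described above can be combined into a simple mail-triage check. The following is an added example, not code from the original page or from the FBI or any vendor; the function names and both sample messages are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
# Indicators from this page: listed subject lines and FBI-alert sender addresses.
SUBJECTS = {
    "hi, ive a new mail address", "mail delivery failed",
    "paris hilton & nicole richie", "registration confirmation",
    "smtp mail failed", "you visit illegal websites",
    "your ip was logged", "your password",
}
SENDERS = {"mail@fbi.gov", "admin@fbi.gov"}
ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}

def has_zip_attachment(msg):
    """True if any MIME part is a zip by file name or content type."""
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") or part.get_content_type() in ZIP_TYPES:
            return True
    return False

def indicators(raw):
    """Return the list of Sober.X indicators present in a raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    found = []
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in SUBJECTS:
        found.append("subject")
    if parseaddr(str(msg.get("From", "")))[1].lower() in SENDERS:
        found.append("sender")
    if has_zip_attachment(msg):
        found.append("zip")
    return found

def is_suspect(raw):
    """Require a zip plus a listed subject or sender; a subject alone may be a real bounce."""
    found = indicators(raw)
    return "zip" in found and len(found) >= 2

# Constructed samples (not captured mail); the file name is a placeholder.
LURE = ("From: mail@fbi.gov\nTo: user@example.com\n"
        "Subject: Your IP was logged\nMIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nDear Sir/Madam, ...\n"
        "--b1\nContent-Type: application/octet-stream\n"
        'Content-Disposition: attachment; filename="placeholder.zip"\n'
        "Content-Transfer-Encoding: base64\n\nUEsDBA==\n--b1--\n")
BOUNCE = ("From: postmaster@example.com\nTo: user@example.com\n"
          "Subject: Mail delivery failed\n\nYour message was not delivered.\n")
```

Because the From header is forged and several of the subject lines also occur in ordinary mail, the check treats each indicator as weak on its own and flags only the combination with a zip attachment.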
Symantec offers
Last updated: 24 November 2005