Jump to content

Sober Worm Plans 5 January Attack


Jeff
 Share

Recommended Posts

Security outfit iDefense is reporting that the next Sober worm attack will take place on 5 January - the 87th anniversary of the founding of the Nazi party.

 

The information has been gleaned from breaking encrypted code in the latest version of Sober which dominated the November anti-virus ratings. According to iDefense, "the November 22 variant is designed to download an unknown payload of code on January 5, 2006".

Click Here

 

As we reported last month, Sober accounted for "one in every 13 emails sent and 42.9 per cent of all viruses reported to Sophos" in the November threat chart. The last variant was delivered as an email attachment to messages - either in German or English - allegedly emanating from police agencies warning users they are under investigation for visiting illegal websites.

 

Once the attached file is run, the worm "scans the user's hard drive for email addresses, in its search for fresh targets for infestation". It also tries to disable security software on infected Windows PCs.

 

Regarding the apparently political timing of the next expected assault, Joe Payne, vice president, VeriSign iDefense Security Intelligence Services, said: "This discovery emphasizes the ever-present and often underestimated threat of 'hacktivism' - combining malicious code with political causes. Exposing this latest variant required technical and geopolitical analysis that connected the dots to give enterprises and home users plenty of time to shore up their defenses."

large.greyhound_signature.gif

Link to comment
Share on other sites

So is not opening suspicious emails enough to protect our PC's from this? What do you do, Jeff?

...............Chase (FTH Smooth Talker), Morgan (Cata), Reggie (Gable Caney), Rufus
(Reward RJ). Fosters check in, but they don't check out.
Forever loved -- Cosmo (System Br Mynoel), March 11, 2002 - October 8, 2009.
Miss Cosmo was a lady. And a lady always knows when to leave.

Link to comment
Share on other sites

never open stuff like that, but no, that in itself is not enough. Install a decent virus scanner there are good free ones available

 

http://www.avast.com/eng/avast_4_home.html (Free) Avast - What I use

http://www.grisoft.com/doc/289/lng/us/tpl/tpl01 (Free) AVG - also very good

 

Also install a firewall

 

http://smb.sygate.com/products/spf_standard.htm (Free) Sygate

large.greyhound_signature.gif

Link to comment
Share on other sites

Would you recommend those in addition to the Norton stuff I have, or instead of? I know there was a thread not too long ago where everyone basically agreed Norton was subpar, but I wasn't sure if I should dump it or just augment it with the other.

...............Chase (FTH Smooth Talker), Morgan (Cata), Reggie (Gable Caney), Rufus
(Reward RJ). Fosters check in, but they don't check out.
Forever loved -- Cosmo (System Br Mynoel), March 11, 2002 - October 8, 2009.
Miss Cosmo was a lady. And a lady always knows when to leave.

Link to comment
Share on other sites

uninstall it and get your computer back from the Norton grasp.

1799039[/snapback]

 

Well, I guess that right there tells me all I need to know. :lol

 

Thanks!

...............Chase (FTH Smooth Talker), Morgan (Cata), Reggie (Gable Caney), Rufus
(Reward RJ). Fosters check in, but they don't check out.
Forever loved -- Cosmo (System Br Mynoel), March 11, 2002 - October 8, 2009.
Miss Cosmo was a lady. And a lady always knows when to leave.

Link to comment
Share on other sites

I use zone alarm for the free firewall and avast for the e-mail.

 

I have been told that virus's are passes in attachments so if you do not open the attachement, then you are safe (and you are running anti-virus software). I rarely open attachments even jokes ones that friends pass. Never open them.

 

Is this true that virus's are always in the attachment?

Link to comment
Share on other sites

I just post the virus warnings I see. When the last big one hit, we got a bundle of email to our helpdesk, that is because many of the GT users were infected and didn't even know it. The virus sent to everyone listed in the persons inbox, our helpdesk included. It became worse after SS started because 360+ people now have the address to the helpdesk, and however many of those infected now send to us.

 

I find it funny when people say "I've never had a problem, or a virus" but the fact of the matter is... you may not know you do, but all the people in your inbox sure know that you have a problem!

large.greyhound_signature.gif

Link to comment
Share on other sites

Guest Pat2003

Just went to download the fire wall and -

 

Important Notice: Effective November 30th, 2005 all Sygate personal firewall products will be discontinued. This does not affect Sygate's Enterprise firewall and endpoint compliance products, which will still be updated and supported.

 

I down loaded the avast anti-virus software and removed all the Norton stuff which I think included a fire wall. Any other suggestions for a fire wall?

Link to comment
Share on other sites

Jeff,

My desktop is infected with something right now. My son opened an email and thats where it started. We have the Mcaffey provided by msn but I guess that didn't work. Mcaffey also has a firewall as does windows xp. Are these not sufficient or have I not set them up properly. We run ad aware frequently. I have downloaded the AVG software and spybot and would like a recommendation for a free firewall. Thanks for letting us pick your brain.

Sandy

 

Edited because I forgot to mention I am working on my laptop not the desktop.

Edited by dobelvr
Link to comment
Share on other sites

The windows built-in firewall is not sufficient, no.

 

By choosing to open the email, you pretty much bypass the firewall, they are designed to stop forced entry, not so much email virus, but that is where your virus scanner comes in. Your virus scanner if updated, and designed to scan emails before you open them, should catch things like that. Always be sure you have the latest virus definitions for your virus scanner, most new ones, download those definitions automatically and check for them at least daily, if not every few hours.

 

I don't have a personal recommendation for a firewall. I am behind a hardware firewall, plus also run a software firewall (ZoneAlarm Pro) but even knowing what I am doing, ZoneAlarm is a bear to setup and use, so I don't really recommend it.

large.greyhound_signature.gif

Link to comment
Share on other sites

best solution is a hardware firewall, a software firewall, and an anti-spyware and anti-virus system that updates itself frequently (some do daily or even more frequent updates). hardware (& ms windows firewall) are good at protecting you from unsolicited intrusion from outside, but not from anything that you have 'invited' in via websites or email, file share systems, dodgy downloads, etc. a layered approach useing some or all of these is best, depending on how paranoid you are.

 

Software Firewalls:

 

i'm a bit prejudiced, as i am a moderator for their user based support forum, but agnitum's outpost firewall pro has beaten many of the others, norton, ZA, sygate, etc. in side-by-side tests and the current version three has a number of plugins to assist in anti-spyware, ad & popup blocking and a number of other attack threats.

 

there is a version 1 available as freeware which is quite good, but the paid version is much better now, there may be a free reduced feature version soon.

 

now that sygate has been killed by semantec to keep competition away from their bloated offering, and with many ZA people crossing over, outpost is a viable option for many.

 

there is a free to download 30 day trial version available, so feel free to try it before you buy it & if you don't like it, you're not out anything. make sure if you have used zone alarm before (or any other personal firewall) to completely deinstall it before installing outpost or any other flavour firewall as they cannot co-exist. the windows firewall should also be disabled in the security centre if you install any other firewall.

 

if you accept the default settings of outpost, you can then go on to explore it's many other settings that can be used to further tighten up the security. it's not a install & forget solution, you will need a modicum of computer literacy to use it fully, but those of us running the forum are there to help if you get stuck. (and we are greyhound tested and approved by blue & millie)

 

ad-aware, one of the most well known anti-spyware systems has just done a deal to bundle a reduced version (some of the outpost plugins are not available, main firewall functionality is the same tho) with their security systems. have a look at www.agnitum.com and/or at the ad-aware site.

 

as far as wether you should use a free or a paid version of security software, it depends on your budget, how much you can afford to lose if you get zapped and are infected, and how much it will cost to recover any files, letters, and other documents, music, etc. destroyed by the baddies. also how much you have in your accessable bank accounts if they manage to spy out your account details.

 

remember 2 things:

 

you get what you pay for

 

caveat emptor

 

good luck all!

Edited by kronckew

emailsigpic.png.db2e34c73e3fb82b645992914134105e.png

CAVE CANEM RADIX LECTI ET SEMPER PARATUS
Real Dogs Have Tattoos or Feathered Ears
Vegetarians: My food poops on your food.

Link to comment
Share on other sites

will downloading a new firewall cause any conflicts with the windows firewall?

Remembering the games we used to play: Games We Used to Play: A Hop, Skip and Jump Down Memory Lane

 

Oscar (Answer to Chevy): 8/23/02-8/13/07 & Dee (Cee Bar Denise): 12/23/98-8/28/08.

Order your own copy of Oscar's Diaries: Life as a Retired Greyhound

Link to comment
Share on other sites

yes, you don't want to run more than one firewall at a time.

Microsoft Firewall is very poor, it should not be relied on. Also, it is only an inbound firewall, not an outbound.

 

Here is something interesting.... most modern firewalls automatically disable the Microsoft firewall when they are installed. Now if those programs can disable it, don't you think a virus can too ;)

 

Other firewalls are not able to be disabled by programs like the Microsoft firewall can.

large.greyhound_signature.gif

Link to comment
Share on other sites

My McAffee just caught a Sober Worm trojan horse...a bogus e-mail from E-bay.

1826907[/snapback]

 

Wow...

 

 

Jeff, my school has a firewall, but when I take my laptop home (it belongs to the school, but I use it at school and at home), I'd like firewall protection. What would you recommend? I read where you said to not run more than one at a time, but obviously I need some kind of protection when using the laptop at home.

Mom to Daisy (1999-2012), LB (aka Little Bit), and Sammy James (aka Sammy or Buddy)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...