Virus Warning! Worm known as W32.Sober.X@mm

[Harry]

I have received dozens of virus attachments recently, so obviously there's another big one out there. I'm surprised that no one has mentioned it. This one is spreading fast enough that we had better mention it.

Most come in tying to trick you into looking at the attachment, from an ISP postmaster claiming that your mail didn't go through, or from such and such web site claiming that your Account and Password Information are attached!

DO NOT OPEN ATTACHMENTS!

In Outlook Express, go to Tools > Options > Read and click the box that says Read all messages in plain text.

Colorful html mail is wonderful, but it can also send your computer straight to the repair shop.

[Ken Majeski]

Yes I have gotten a Lot of them lately.... Some appear to be from the CIA and say I have been tracked on over 30 Ilegal websites and have a Worm attached. Some say Mail delivery failure and are about the same size with the Worm attached.... I opened one sent to my MSN address and it revealed the worm which I can't remember the name of. They all seemed to be 75 KB in size.... Got about 10 of them the other day but nothing the last couple days...

[BDMelon]

Thats just great, i have enough problems watch what i am doing, now i have to try & explain to my son & wife what not to do. geezzz
i had a patch coming in on my AVG this morning with a major download for some worm update i wonder if this was to handle this new intruder, my spybot
seach & destroy & AVG i hope is enough protection, if not someone would someone throw me a bone here, To tell if i need more .i don't need a crash here when i'm at work, help me Harry / Craig,if you can give me any infor. i need to get for more protection for my PC

Bd melon,

[Phillip Hutchinson]

G'DAY Chaps
Is'nt strange that as quick as these viruses get out and about the big companies seem to have the antidote??????????? coinsidence I don't know .I installed the free version of AVG and also the m/soft anti spyware program with good results,as stated before all I have to do is to convince miss 13 that she might be able to do things on the computer a lot quicker than I do but that don't mean she knows more about it than I (watch out for music downloads) happy computing regards Phillip

[Sky]

Good thing i got nortons intrenet security!

and AOL........most commonly refered to as AOH*LL, but im happy.

[Tim Christoff]

I glad to hear someone else has gotten that FBI one, kinda of freaked me out a bit as I was sure I hadn't been on some illegal site. Deleted it anyway. AVG seems to be doing its job so I haven't had any problems yet.

Tim

[BDMelon]

Harry, I just had a heck of a time getting on stak tonight,took about 10 mins to get on, kept coming up with error on getting on the site, or is it just on my end

BD melon

[DanR]

AVG is excellent and should do the job. BE SURE to set it to run first thing and do the updates. As always, BACK UP YOUR WORK!

[Harry]

Dear Harry,

We recently received the following e-mail in one of our mailboxes and figured it was a perfect way begin a letter about recognizing e-mail virus messages. The e-mail message read as follows:
Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal Websites.

Important:
Please answer our questions!
The list of questions are attached.

Yours faithfully,
Steven Allison

++++ Central Intelligence Agency -CIA-
++++ Office of Public Affairs
++++ Washington, D.C. 20505

++++ phone: (703) 482-0623
++++ 7:00 a.m. to 5:00 p.m., US Eastern time


The subject of the message was "You visit illegal websites" and had a To address of Z-User@sisna.com. The From address was Admin@cia.gov.

The attached file was named list888.zip, however, as you would expect, the file was not a list of questions. Instead, it was a mass mailing worm known as W32.Sober.X@mm by Symantec (see http://www.sarc.com/avcenter/venc/da...ober.x@mm.html for details). If we had opened the file, it would have installed itself on our computer, collected all of the e-mail addresses in our address book and started sending out more letters like the one above to our contacts.

Fortunately, we were able to easily determine that the message is fake and did not open the attachment. Unfortunately, there are many others who have fallen for this type of ruse, which is why these types of virus messages exist. That is why we want to point out some of the things you can look for to determine the authenticity of an e-mail message.

First, let's look at the things the writers of the message have done to trick us into opening the attached file. They started by trying to convince us that the message was actually sent by the CIA. The From address is spoofed, or altered to appear as if the message was sent by a legitimate organization, and the contact information at the bottom of the letter is the correct contact information for the Office of Public Affairs (http://www.cia.gov/cia/contact.htm). Next, they try to scare us by making a claim about our online habits in order to make us behave emotionally instead of rationally. The subject of the message makes a straightforward accusation, which is seemingly supported by the message itself. Their goal is to make us start worrying about how to defend ourselves against the accusation instead of realizing that the accusation is false in the first place.

Now that we know how the virus writers are trying to con us, we can more easily see through their con. We know that we cannot determine the true sender of an e-mail by looking at the From address, so we are not fooled by the Admin@cia.gov address. Also, we know that the signature in the e-mail address, even though the contact information is correct, does not necessarily mean that the CIA sent the letter. In this case, the virus writers confident that very few people will take the time to call the number provided. Finally, we can be reasonably certain that the Office of Public Affairs, who acts as the point of contact for the CIA, would take the time to use proper capitalization and subject-verb agreement.

Since we know the message is not real, we know the accusations made in the message are not real and that the attachment is not a list of questions. If, however, you are unsure about whether or not a message is real, we still suggest that you do not open the attachment. It is best to never open attachments unless you know exactly what you are opening. Even if you know the person who sent the message to you, remember that it is easy to disguise the true sender of a message. When in doubt, contact the person and verify that they sent the message.

Sincerely,


Greg Watkins
President, SISNA Inc.
http://www.sisna.com/