virus worm alert : Email-Worm.Win32.Sober.y

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

An email worm named 'win32.Sober.y' is currently infecting personal
computers thanks to your mail system.
It can also jump to other mailbox thanks to your addressbook
If you have more information about it, please complete the next data bank

Hopefully Kaspersky see it immediately and delete it at your request.

A trick: add a rule in your mailing system to delete directly from the host
server all mails
It comes also from local servers and servers located in near countries
(, in my case as I live in Lux.).


Auteur de "Un siècle de Physique,  1- La Physique Quantique", AEGEUS, 2005
Détail sur :

Re: virus worm alert : Email-Worm.Win32.Sober.y

On that special day, , ("Thierry" <->) said...

Quoted text here. Click to load it

Thank you for the *fast* information - not! The first alerts were some
days ago, *here*.

And it is already the second verison, which DOESN'T omit addresses with
"spam" inside. As a result, i received ten specimens today. Other
Germans who are running own mailservers, had to reject 21k of them.

gives an impression of what is going on.

Until now, Sober was mainly attacking German recipients, preparing
their machines to turn them into mass mailers, especially for a second
wave of pesky rightist hate mails. I wonder, if the author has
"detected" the opportunities of making money with spam zombies...

Gabriele Neukam

Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.

Re: virus worm alert : Email-Worm.Win32.Sober.y

Quoted text here. Click to load it

Well. Hopefully for me. I saw it for the first time yesterday night, hence
this post.
I am following it. It is now detected in fr and be as well but it is always
a sober variant

Quoted text here. Click to load it

you were spammed, and you call you "spamfighter.. ?" :-)
Install rather a good protection on your system instead of criticize !


Quoted text here. Click to load it

Re: virus worm alert : Email-Worm.Win32.Sober.y

Thierry wrote:

Quoted text here. Click to load it
   Modify that warning to * and * where "*" means
anything, especially ranDUMB characters.
   One day i got about 6; normally it is one or 2 at most per week.
   The attachment seems to always be a ZIP with an EXE inside, and
Norton does not recognize the payload.

Re: More info on virus worm alert : Email-Worm.Win32.Sober.y

Robert Baer wrote:
Quoted text here. Click to load it
   What is common with the "FBI" and "CIA" emails..
1) Subject seems to always be: Your_IP_was_logged
2) From has variants "post", "office" or "department" then @ then
"" or ""
3) In the headers, they are always short and the received from has the
"*" or "*" where "*" is ranDUMB trash, and the IP varies
4) The body of the message always is <BODY>

Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal Websites.

Please answer our questions!
The list of questions are attached.

Yours faithfully,
Steven Allison

*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
*** phone: (202) 324-3000
5) the attachment is always named "" and there is only
one item inside, which is always an EXE.
6) NAV does not recognize the payload; "OK" according to them...

Site Timeline