ARN
Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

MessageLabs Stops Over 2.7 million Copies of New Sober Virus That Spoofs FBI and CIA
23 November, 2005 11:03:19

November 22, 2005 - New York 17:00 GMT / 12:00 ET - MessageLabs, the leading provider of managed email security services to businesses worldwide, has intercepted over 2.7 million copies of a new Sober virus, many of which are spoofed to appear as though they were sent from the FBI or the CIA. The first copy was stopped at 19:00 GMT on 21st November. The size of the attack indicates that this is a major offensive, certainly one of the largest in the last few months.

These emails suggest to recipients that their Internet use has been monitored by the FBI or CIA and that they have accessed illegal Web sites. The email directs users to open the ZIP attachment containing the executable, which, once opened, delivers the Sober virus payload. The virus then spreads by searching the infected computer for other email addresses to send copies of itself to, while ignoring any domains belonging to certain security organizations, including MessageLabs.

The virus will send emails in German for domains ending .DE or .AT and a few others, with the remainder being sent in English. It seems that, despite warnings, many recipients are still opening the emails, allowing the virus to spread still further.

Also, since yesterday, MessageLabs has stopped three new variants of W32/Mytob, one of which was W32/Mytob.ED!ee4e, for which we have stopped over 10,000 copies.

MessageLabs stopped all copies destined for clients using the MessageLabs Anti-virus service.

Email Characteristics

From: mail@fbi.gov, post@fib.gov, admin@fbi.gov

Dear Sir/Madam, we have logged your IP-address on more than 30 illegal Websites. Important: Please answer our questions! The list of questions are attached. Yours faithfully, Steven Allison

++++ Central Intelligence Agency -CIA- ++++ Office of Public Affairs ++++ Washington, D.C. 20505 ++++ phone: (703) 482-0623 ++++ 7:00 a.m. to 5:00 p.m., US Eastern time

Attachment: question_list.zip list.zip

Size: 54.2 KB (55,536 bytes)

Detection

MessageLabs detected this virus proactively, using its unique and patented Skeptic™ predictive heuristics technology.

About MessageLabs

MessageLabs is the world's leading provider of messaging security and management services with more than 12,000 clients and offices in eight countries. For more information, please visit www.messagelabs.com.

-- ENDS --

Media Contacts:
APAC: Claire Hosegood, MessageLabs, +61 (0)2 8208 7111, chosegood@messagelabs.com
