FYI...
Microsoft Security Advisory (912920)
Systems that are infected with Win32/Sober.Z@mm may download and run malicious files from certain Web domains beginning on January 6, 2006
- http://www.microsoft.com/technet/sec...ry/912920.mspx
Published: January 3, 2006
"Microsoft is aware of the Sober mass mailer worm variant named Win32/Sober.Z@mm. The worm tries to entice users through social engineering efforts into opening an attached file or executable in e-mail. If the recipient opens the file or executable, the worm sends itself to all the contacts that are contained in the system’s address book. Customers who are using the most recent and updated antivirus software are at a reduced risk from infection by the Win32/Sober.Z@mm worm. On systems that are infected by Win32/Sober.Z@mm, the malware is programmed to download and run malicious files from certain Web domains beginning on January 6, 2006. Beginning approximately every two weeks thereafter, the worm is set to begin downloading and running malicious files from additional sites on the same Web domains. As with all currently known variants of the Sober worm, the worm does not appear to target a security vulnerability, but rather relies on the user opening an infected attachment...
Suggested Actions
• Check for and remove the Sober infection.
Use the Microsoft Windows Malicious Software Removal Tool, Safety.live.com, or Windows OneCare to search for and remove the Sober worm and its variants from infected systems.
• Monitor outbound network connections to targeted Web sites.
• Because the Win32/Sober.Z@mm worm may download and run malicious files from certain Web domains beginning on January 6, 2006, attempted connections to the following Web sites should be monitored for signs of an infected host on local networks.
Targeted Web sites
people.freenet.de
scifi.pages.at
home.pages.at
free.pages.at
home.arcor.de ..."
.
