‘Possible Trouble’ for PC owners
Moderator: Wiz Feinberg
-
John Bechtel
- Posts: 5103
- Joined: 1 Jul 2002 12:01 am
- Location: Nashville, Tennessee, R.I.P.
‘Possible Trouble’ for PC owners
I received a notice today that listed the Subject as: ‘Your New Password’. The return address indicated it was from AOL, which has nothing to do with what I subscribe to! I did not open it, but I did forward it to the proper party to investigate and then deleted it. So, if you receive an e-mail labeled “Your New Password” you might want to proceed with caution or just delete if you do not subscribe to AOL.
-
Bobby D. Hunter
- Posts: 165
- Joined: 24 Jul 2004 12:01 am
- Location: USA
I have submitted the attachment in John's email to Kaspersky Labs for analysis. I think that it is a new variant of a password stealer trojan. It seems to be geared towards AOL users, since the message began with "Dear AOL User".
Anybody receiving this, or any other suspicious unsolicited attachments should delete those messages without opening the attachment. If you are in doubt you can forward the email to me and I will try to figure out what is going on.
Many new trojan horse programs are distributed by Zombie PCs, under the control of a BotNet owner. These machines belong to unsuspecting people who don't know or care about securing their computers against Internet threats.
I urge you all to practice safe Hex!
------------------
Bobby D. Hunter
Security for SGF
Hunting down Slimeball Game
Reporting member of SpamCop
-
Bobby D. Hunter
- Posts: 165
- Joined: 24 Jul 2004 12:01 am
- Location: USA
I have confirmed that the email attachment that John received contained the Win32:Sober-S Worm.
Anybody receiving an email with the Subject - "Your new Password" - addressed to "User@aol.com" and with the body text - "Your password was successfully changed!
Please see the attached file for detailed information." should delete it immediately!
------------------
Bobby D. Hunter
Security for SGF
Hunting down Slimeball Game
Reporting member of SpamCop
-
erik
- Posts: 2018
- Joined: 7 Mar 2000 1:01 am
-
Bobby D. Hunter
- Posts: 165
- Joined: 24 Jul 2004 12:01 am
- Location: USA
More info about this new threat:
VIRUS ADVISORY: W32/Sober.r@MM - Medium Risk
What is it?
The 18th variant of the first Sober virus, W32/Sober.r@MM is a mass-mailing worm hiding inside a .ZIP attachment. When run, the worm displays fake error messages, infects the host computer and sends itself to stolen email addresses. Messages may come in German or English.
What should I look for?
FROM: Varies
SUBJECT: English: Your new Password. German: Fwd: Klassentreffen
BODY: English: Your password was successfully changed! Please see the attached file for detailed information. German: ich hoffe jetzt mal das ich endlich die richtige person erwischt habe! ich habe jedenfalls mal unser klassenfoto von damals mit angehngt.
ATTACHMENT: KlassenFoto.zip, pword_change.zip
How do I know if I've been infected?
Fake error messages displayed. Outgoing messages as noted above. Note: Receiving an email alert stating that the virus came from your email address is not necessarily an indication you are infected. Mass-mailing viruses often forge (or "spoof") the from address.
Learn more about W32/Sober.r@MM here: http://us.mcafee.com/root/campaign.asp?cid=16001
FreeScan checks for W32/Sober.r@MM
Scan now: http://us.mcafee.com/root/campaign.asp?cid=14462
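The "What should I look for?" fields in the advisory above can be turned into a mail-filter check. This is an added example, not part of the original post or of the McAfee advisory; the function names and the quarantine policy are hypothetical, and the sample message is constructed.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators taken from the advisory text in this thread; nothing else is assumed.
SUBJECTS = {"your new password", "klassentreffen"}
BODY_PHRASES = ("your password was successfully changed", "klassenfoto von damals")
ATTACHMENTS = {"klassenfoto.zip", "pword_change.zip"}
PREFIX = re.compile(r"^\s*((fwd?|re|aw|wg):\s*)+", re.I)  # reply/forward prefixes


def sober_indicators(raw_message):
    """Return which advisory indicators appear in one raw e-mail message."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    subject = PREFIX.sub("", str(msg["Subject"] or "")).strip().rstrip(".").lower()
    if subject in SUBJECTS:
        hits.append("subject")
    part = msg.get_body(preferencelist=("plain", "html"))
    body = " ".join(part.get_content().lower().split()) if part else ""
    if any(phrase in body for phrase in BODY_PHRASES):
        hits.append("body")
    names = {(a.get_filename() or "").lower() for a in msg.iter_attachments()}
    if names & ATTACHMENTS:
        hits.append("attachment")
    # From is ignored on purpose: the advisory says it varies and is often spoofed.
    return hits


def should_quarantine(raw_message):
    """Hypothetical policy: a listed attachment name plus a matching subject or body."""
    hits = sober_indicators(raw_message)
    return "attachment" in hits and len(hits) >= 2


def build_sample(subject, body, filename=None):
    """Constructed sample message; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"placeholder", maintype="application", subtype="zip", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    english = build_sample("Your new Password", "Your password was successfully changed!\n"
                           "Please see the attached file for detailed information.", "pword_change.zip")
    print(sober_indicators(english), should_quarantine(english))
```

Requiring the attachment name together with a text indicator keeps a genuine password-change notice that carries no attachment out of quarantine.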
-
Tony Prior
- Posts: 14712
- Joined: 17 Oct 2001 12:01 am
- Location: Charlotte NC
rule of thumb..
delete all EMAILS if you have no clue who they are from..do not open them.
ALL FINANCIAL institutions will send a note addressed to you personally, with your account name..not your user name..
EBAY,PAYPAL, Banks...etc...
they will ask you to go to your account and log on..
what's the worst that will happen if you miss an EMAIL ? Your EBAY account will go into a hold..or your PAYPAL account will be placed on hold..
Your password will expire ? Who cares...
big deal..
I've lived 53 years without them anyway !
[This message was edited by Tony Prior on 10 October 2005 at 04:36 AM.]