Crv se upgrade-uje na zarazenim masinama!

Crv se upgrade-uje na zarazenim masinama!

offline
  • SINGI
  • Pridružio: 22 Avg 2003
  • Poruke: 787
  • Gde živiš: Beograd

Crv Sober.P je poceo sam sebe da upgrade-uje na svim masinama koje su njime vec zarazene!

Ovo je nedavno vec vidjeno kada se Sober.g upgrade-ovao u Sober.h, a Sober.h zatim poceo da salje spam.

Evo vesti:

Anti-virus firm Kaspersky has just discovered a new Sober worm variant. The Sober.Q worm which is download by computers that are infected with the Sober.P worm. Sober.P suddenly stopped spreading on Tuesday because the virus creator altered the code of the worm.

This is possible because Sober.P has built-in functionality to connect to websites to download and update its code. This is dangerous because it opens a wide range of possibilities for the virus author, like launching a major spam campaign or a DDoS attack.

The new Sober.Q worm hasn't begun spreading yet, possibly because the author wants to wait until enough computers have been infected by the Sober.Q variant.

Sober.Q includes a German message in which the author refers to some online articles which called him a spammer. He says he is not a spammer, but might turn into one.

The original Sober.P worm was quite active on the internet until Tuesday, it tricked users into believing they had won a ticket to the 2006 World Cup in Germany but other variants were also spreading on the web.

But suddenly on Tuesday the worm stopped spreading, security experts were amazed but they soon discovered that the worm was 'upgrading' itself on infected systems to Sober.Q. On Saturday Sober.Q wasn't active yet but today anti-virus firm Kaspersky reports Sober.Q has become active. The worm doesn't spread itself but sends out huge loads of spam messages that link to right winged articles.

I have received quite a few of these Sober.Q e-mails myself. They are either in German or English and they ask the recipient to follow a link to read an article on a website. Up till now computers infected with Sober.Q solely spread these spam messages, they do not spread the worm (yet).

One of the e-mails I received was about the Dresden bombing at the end of the second World War and linked to Spiegel.de. Most linked articles appear to be political and quite right-wing. In a way we're seeing the same story as with Sober.G a year ago. Sober.G downloaded Sober.H and Sober.H in turn sent out enormous amounts of racist spam in June 2004.

Last year the Netherlands were completely flooded by e-mails generated by Sober.H, judging from the numbers that Sober.P generated just before it stopped spreading it probably won't be that much different this time.

Izvor: www.dvhardware.net/article4950.html



Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.
offline
  • Ceva  Male
  • Super građanin
  • Pridružio: 10 Mar 2005
  • Poruke: 1312
  • Gde živiš: Leskovac

Uau kakav ruzan crv.



offline
  • Feky 
  • Ugledni građanin
  • Pridružio: 03 Maj 2005
  • Poruke: 482
  • Gde živiš: Senta

Taj autor bas zna kako se pisu zli porgrami Wink

Salim se...bas je glup.
I ja dobijam gomilu spam-a (oko 20 na dan) ali imam dobar filter pa eto tako se zastitim Smile

I ja sam citao nesto na pandasoftware.com o nekom gadnom Sober.V crvu,ali na srecu jos nisam dobijao e-mail sa Sober-om.
Inace imam obicaj da pogledam onu listu koja se azurira u realnom vremenu i sadrzi par najnovije otkrivenih virusa na KAV sajtu.

offline
  • SINGI
  • Pridružio: 22 Avg 2003
  • Poruke: 787
  • Gde živiš: Beograd

Uh, al' ovaj udara...od 19:54 do 19:56 ulovljen 61 komad!

Od 19:56 do sada - zatisje Smile

offline
  • Feky 
  • Ugledni građanin
  • Pridružio: 03 Maj 2005
  • Poruke: 482
  • Gde živiš: Senta

Bogami Wink

offline
  • Ceva  Male
  • Super građanin
  • Pridružio: 10 Mar 2005
  • Poruke: 1312
  • Gde živiš: Leskovac

Znaci crv nije normalan.

offline
  • m4rk0  Male
  • Administrator
  • Administrator tech foruma
  • Marko Vasić
  • Gladijator - Maximus Decimus Meridius
  • Pridružio: 14 Jan 2005
  • Poruke: 15766
  • Gde živiš: Majur (Colosseum)

@Ceva
OK, to smo utvrdili Bebee Dol

offline
  • Feky 
  • Ugledni građanin
  • Pridružio: 03 Maj 2005
  • Poruke: 482
  • Gde živiš: Senta

Sem toga sto nije normalan,cudi me kako je jedan toliko bolestan um kao od tog autora crva Sober-a mogao da smisli tako genijalnu ideju.

Ako bih bio pisac virusa,ja sigurno ne bih bio tako kreativan i pun ideja kao taj covek.

PS: Nemojte misliti da ga hvalim Smile

offline
  • SINGI
  • Pridružio: 22 Avg 2003
  • Poruke: 787
  • Gde živiš: Beograd

Kaspersky Lab, a leading developer of secure content management
solutions, has detected a new version of Sober,
Email-Worm.Win32.Sober.q. It was downloaded to machines which had been
infected by Sober.p, and is effectively a modification of Sober.q.
However it is unable to replicate, but instead sends right wing spam to
addresses found on the victim machine.


Sober.q copies itself to the Windows system directory, and changes the
system registry so that the worm will be activated each time Windows is
rebooted on the victim machine. It also drops a number of other files to
the infected system. Sober.q harvests email addresses from the infected
computer, saves these addresses, and then sends spam messages to the
addresses harvested, except for addresses which appear to belong to
antivirus vendors and software developers.


The worm also drops a file which contains a message from the author:
"Ich bin immer noch kein Spammer! Aber sollte vielleicht einer werden Smile
In diesem Sinne" (I'm not a spammer yet! But maybe I'll become one : )
This file also contains links to articles published on the Internet
stating that Sober is being used to create botnets - networks of
infected machines, which can then be used to send spam.

Rather than replicating, Sober.q sends spam in both German and English.
German language messages are sent to recipients in .de, .ch, .at, .li,
and .gmx domains. The messages contain right wing texts, and links to
right wing sites. All other recipients receive messages in English -
however, the contents are still politically right wing. The worm
contains several dozen possible message versions. Although the sites
contain material which may be offensive to readers, all the addresses
are genuine, and there is no malware on these sites which could infect a
machine being used to view the sites.

Similar to previous version of Sober, Sober.q connects to a number of
NTP servers and monitors the system time and date on the infected
machine. Once the system date passes 11th May, Sober.q will attempt to
terminate a number of processes (microsoftanti, gcas, gcip,
giantanti, inetupd, nod32kui, nod32, fxsob, s-t-i-n-g, hijack,
sober ) which will make it harder to remove the worm.

Kaspersky Anti-Virus databases were updated with protection against
Sober.q shortly after the new worm was detected. A full description is
available in the Kaspersky Virus Encyclopaedia.

Kaspersky Labs Corporate Communications

Ko je trenutno na forumu
 

Ukupno su 472 korisnika na forumu :: 4 registrovanih, 1 sakriven i 467 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Mixelotti, Oscar2, shaja1, W123