Football Fans Tricked Into A Virus
Be warned. A fake online offer for free tickets to the FIFA World Cup 2006 downloads a virus.
Trend Micro have issued a “medium risk” alert to raise awareness of a new variant of the “Sober” viral worm that mass mails itself through SMTP email, and is socially engineered to trick users into opening the file attachment containing the worm program.
One of the tricks is pretending to be an offer
for free tickets to the World Cup 2006 games in Germany, from the Federation
Internationale de Football Association (FIFA). WORM_SOBER.S has been sighted in
Germany and the U.S., in German and English languages.
Similar to previous variants, WORM_SOBER.S spreads by mass-mailing itself
through its own SMTP engine, gathering new recipients from each victim's
computer, yet avoids sending to certain domains, particularly to companies
involved in the antivirus and security industry.
WORM_SOBER.S arrives under a variety of subject headers, message bodies, and
attachments. The “from” address may appear as
• Admin
• Hostmaster
• Info
• Webmaster
And include attachments named
• PassWort-Info.zip
• account_info-text.zip
• autoemail-text.zip
One such variation appears to be an official communication from the FIFA
organization, stating “Congratulations, you have won free tickets,” and arrives
with the attachment “Fifa_Info-Text.zip.” The recipient would believe they had
won highly coveted tickets to the annual football event, to be held in Germany
in 2006. Instead, once the user opens the attachment, an error message appears,
and the worm is launched.
Once it has infected a system, WORM_SOBER.S drops several files on the infected
system and modifies Windows registries to execute again at each system startup.
WORM_SOBER.S arrives in a file about 53 KB in size, and can be in UPX format. It
can affect Windows 98, ME, NT, 2000 and XP platforms.
For more information on WORM_SOBER.S, please visit http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VN...
Other users should use Trend Micro’s free online
virus scanner, Housecall, which can be found at
http://housecall.trendmicro.com/
Have your say...
Be the first to leave your comment.
Send To A Friend
Printer Friendly
Add Page To Favorites
Green Issues With Michael Wale
Apple Lovers
Michael Wale visits a Herefordshire orchard brought back to life by the public.
Spotlight
Meet 50connect's Columnists
From relationship advice to environmental issues; life as an ex-pat living in France and the highs and lows of going back to study; read the latest from our regular contributors.
Bookmark with:
Don’t know what this is?
Read the 50connect Guide To Social Bookmarking.