WARNING!!!!

[CORZZA]

Subject: Trend Micro Medium Risk Virus Alert - WORM_SOBER.AG

>

> Dear Trend Micro customer,

>

> As of November 21, 2005 2:20 PM Pacific Standard Time (PST, GMT

> -8:00), TrendLabs has declared a Medium Risk Virus Alert to control

> the spread of WORM_SOBER.AG. TrendLabs has received several infection

> reports indicating that this malware is spreading in the USA, Belgium,

> Canada, Brazil, and New Zealand.

>

> This memory-resident worm propagates by attaching a copy of itself to

> an email message, which it sends to target recipients using its own

> Simple Mail Transfer Protocol (SMTP) engine. Since it's email

> propagation does not require any user intervention, the user is often

> unaware that this worm is sending out email messages.

>

> The email it sends out has the following details:

>

> From: {Email address generated by this worm}

>

> Subject: (any of the following)

> • hi,_ive_a_new_mail_address

> • Mail delivery failed

> • Registration Confirmation

> • smtp mail failed

> • Spam: Registration Confirmation

> • Your Password

> • Your IP was logged

> • Paris_Hilton_&_Nicole_Richie

> • You visit illegal websites

>

> Message body: (any of the following)

> hey its me, my old address dont work at time. i dont know why?!

> in the last days ive got some mails. i' think thaz your mails but im

> not sure!

> plz read and check ...

> cyaaaaaaa

>

> ---

>

> This is an automatically generated Delivery Status Notification.

>

> SMTP_Error []

> I'm afraid I wasn't able to deliver your message.

> This is a permanent error; I've given up. Sorry it didn't work out.

> The full mail-text and header is attached

>

> ---

>

> Account and Password Information are attached!

> ***** Go to: http://www.{random}.com

> ***** Email: {random}.com

>

> ---

>

> Dear Sir/Madam,

>

> we have logged your IP-address on more than 30 illegal Websites.

> Important:

> Please answer our questions!

> The list of questions are attached.

>

> Yours faithfully,

> Steven Allison

>

> *** Federal Bureau of Investigation -FBI-

> *** 935 Pennsylvania Avenue, NW, Room 3220

> *** Washington, DC 20535

> *** phone: (202) 324-3000

>

> ---

>

> Account and Password Information are attached! ---

>

> The Simple Life:

> View Paris Hilton & Nicole Richie video clips , pictures & more

> Download is free until Jan, 2006!

> Please use our Download manager.

>

>

> Attachment: (any of the following)

> • mailtext.zip

> • mail.zip

> • reg_pass.zip

> • mail.zip

> • reg_pass-data.zip

> • question_list.zip

> • list.zip

> • downloadm

> • mail_body.zip

>

>

> The attached .ZIP file contains the copy of this worm using the

> following file name:

> File-packed_dataInfo.exe

>

> When executed, it displays a fake error message box in order to trick

> a user into thinking that the file did not properly execute.

>

> This worm searches the process list of the affected system for

> mrt.exe, the Microsoft Windows Malicious Software Removal Tool

> process. If found, it terminates the said process thus making the

> system more vulnerable to malicious attacks.

>

>

> TrendLabs will be releasing the following EPS deliverables:

>

> TMCM Outbreak Prevention Policy (Beta) - 187 (Released) Official

> Pattern Release - 2.957.00 (ETA: 1.5 hrs) Damage Cleanup Template -

> 678 (Being created) Network Virus Wall - 10232 (Being created)

>

>

> For more information on WORM_SOBER.AG, you can visit our Web site at:

> http://www.trendmicro.com/vinfo/virusencyc...e=WORM_SOBER.AG

[ZEEROLLA]

I SAY CAPITAL PUNISHMENT FOR THESE PEOPLE, but no death penalties :P

[CORZZA]

yeah!

[evo]

some weird **** hey..

i just received one of them. the thing is.. i haven't opened it (don't have preview panes either.. don't like em) but I already had an email from a work email antivirus filter saying i tried to send this email.

maybe i have to update outlook :/