8 March 2004
Sophos warns of bilingual bogus Microsoft virus fix
Sober-D worm poses as zipped security patch
Sophos researchers have warned customers to be wary of a bilingual bogus Microsoft virus fix, which claims to protect against the MyDoom worm.
The W32/Roca-A worm (also known as W32/Sober-D) has already been sighted several times in the wild, and arrives in the form of an email with the following characteristics:
Subject line:
Microsoft Alert: Please Read!
Message text:
New MyDoom Virus Variant Detected!
A new variant of the W32.Mydoom (W32.Novarg) worm spread rapidly through the Internet. Anti-virus vendor Central Command claims that 1 in 45 e-mails contains the MyDoom virus. The worm also has a backdoor Trojan capability. By default, the Trojan component listens on port 13468.
Protection:
Please download this digitally signed attachment. This Update includes the functionality of previously released patches.
+++ 2004 Microsoft Corporation. All rights reserved.
+++ One Microsoft Way, Redmond, Washington 98052
+++ Restricted Rights at 48 CFR 52.227-19
Attached to the email is a ZIP file, which contains the W32/Roca-A worm. If the worm determines it is being sent to a German email address, it presents itself in German instead of English.
"As the Sober-C worm has shown in recent months, viruses which use more than one language when communicating with users can be more successful at not raising suspicion," said Graham Cluley, senior technology consultant for Sophos. "Companies should ensure their anti-virus software is automatically updated, and screen for dangerous filetypes at their email perimeter."

