ITsafe Bulletin 2005/005A (Update No. 1)



November 30th, 2005

Title
=====
ITsafe Bulletin 2005/005A (Update No. 1)

What is it?
===========
As reported in the press, new variants of the "W32/[tag]Sober[/tag]" a mass-mailing worm continue to be discovered. ITsafe already warned of this issue in 2005-BUL-004 and 2005-BUL-005 some months ago.

What does it affect?
====================
Most computers that use Microsoft Windows

What does it do?
================
The worms arrives by email, and most versions will have a spoofed "From" email address to look like they come from reputable sources, such as ITsafe's colleagues at the UK National HiTech Crime Unit (NHTCU), the FBI, or the CIA. Many versions spread themselves to others in your address book, and some worms exploit infections from previous versions of "W32/Sober", as described in ITsafe's 2005-BUL-004. Most of these worms will attempt to persuade recipients to open attachments or follow links to websites containing malicious code.

How do I protect myself?
========================
As always, exercise care when opening attachments to email messages.

How do I fix it?
================
Keep your Anti Virus Software Anti Virus Software updated with the latest signatures from your supplier. If you suspect that you have been infected, your supplier's website should contain instructions as to how you can disinfect your computer.

Notes
=====
ITsafe Bulletins are issued by e-mail when significant risks have been identified that are likely to affect the majority of ITsafe users.

ITsafe Team
Making IT safe for You
http://www.itsafe.gov.uk
The UK Alerting and Advisory Service for Information and Communications Technologies (ICT) Security

This entry was posted on Wednesday, November 30th, 2005 at 15:48 and is filed under Stay Secure. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.