W32/Sober.d@MM is yet another mass-mailing virus. It comes as an email attachment with either a .EXE or .ZIP extension. The email message itself (in either English or German) resembles the following:
(English version)
New MyDoom Virus Variant Detected!
A new variant of the W32.Mydoom (W32.Novarg) worm spread rapidly through the Internet. Anti-virus vendor Central Command claims that 1 in 45 e-mails contains the MyDoom virus. The worm also has a backdoor Trojan capability. By default, the Trojan component listens on port 13468.Protection:<
Please download this digitally signed attachment.
This Update includes the functionality of previously released patches.
+++
+++ One Microsoft Way, Redmond, Washington 98052
+++ Restricted Rights at 48 CFR 52.227-19 com
As always, don't open attachments you're not expecting. Microsoft has issued a statement that they will never ship patches in email; there will always be a link to any patch, and that link will point to an explanatory Web page rather than the patch itself.
Posted by dcoates at March 08, 2004 01:50 PM