March 08, 2004
All Viruses, All the Time...W32.Sober.D@mm

W32/Sober.d@MM is yet another mass-mailing virus. It comes as an email attachment with either a .EXE or .ZIP extension. The email message itself (in either English or German) resembles the following:

(English version)
New MyDoom Virus Variant Detected!
A new variant of the W32.Mydoom (W32.Novarg) worm spread rapidly through the Internet. Anti-virus vendor Central Command claims that 1 in 45 e-mails contains the MyDoom virus. The worm also has a backdoor Trojan capability. By default, the Trojan component listens on port 13468.

Protection:<

Please download this digitally signed attachment.

This Update includes the functionality of previously released patches.

+++

+++ One Microsoft Way, Redmond, Washington 98052

+++ Restricted Rights at 48 CFR 52.227-19 com

As always, don't open attachments you're not expecting. Microsoft has issued a statement that they will never ship patches in email; there will always be a link to any patch, and that link will point to an explanatory Web page rather than the patch itself.

Posted by dcoates at March 08, 2004 01:50 PM