General discussion

Locked

DOWNLOA Identify/React Chart: Sober.P

By Bill Detwiler Editor ·
I suspected a new virus was loose this morning. My inbox contained hundreds more virus-infected e-mails than normal and the messages were all similar. After shifting through the messages, I noticed an alert for the Sober.P virus. My suspicions were confirmed.

The Sober.P mass-mailing worm uses its own SMTP engine to spread as an e-mail attachment, usually with a .zip extension. TechRepublic's Identify/React chart for Sober.P puts critical information for identifying and removing the virus right at your fingertips.

Download and review the chart:
http://techrepublic.com.com/5138-10595-5693436.html

Then, use this discussion thread to share your experiences fighting the Sober.P worm. Did your AV software remove the virus before it reached end users? When did you first learn of the outbreak?

Also, let us know if our Identify/React Chart: Sober.P provides helpful information and if there's anything we can do to improve the document's format or content.

This conversation is currently closed to new comments.

12 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Didn't get hit

by JamesRL In reply to DOWNLOAD: Identify/React ...

Not sure whether its the corporate AV or the firewall but I haven't seen any of this. If it did get through, our PC's antivirus should be up to date.

James

Collapse -

eTrust saved me. Norton would not have

by terry In reply to DOWNLOAD: Identify/React ...

I received two emails today containing the Sober worm. eTrust (Computer associates) anti-virus detected the virus and deleted the attachments.
I have recently removed Norton Antivirus after I discovered it only performs a definitions Liveupdate every 7 days (Wednesdays) so today being a Tuesday means that Norton users are exposed! - and yes I discovered this only after Norton let a virus through.
I'm wondering whether Viruses are actually targetted to distribute prior to Norton's update schedule. Anyone any comments?
Sorry that this reply is more about Norton than the actual virus but I do feel it's about time that Symantec realised that with the amount viruses being released at present a 7 day window is much too big.
Checking the update log for eTrust reveals that I am getting updates virtually everyday - sometimes twice a day.
Have a nice day

Terry - Danmat

Collapse -

Got by Norton on my machine also

by babbling brooks In reply to eTrust saved me. Norton w ...

A message saying something about account and password information with a zip attatchment came this morning. I knew that kind of information shouldn't be in a zip file, so I deleted. The message even had a text at the bottom saying it had been checked and was virus free! Didn't know what it was till I read the newsletter today.

Collapse -

Norton is consistently guilty

by Soupy In reply to Got by Norton on my machi ...

Last ten "troubled" machines all had Norton.Sober got by their "powerful" suite again today.Housecall to the rescue for the umpteenth time.Just renewed all licenses and I literally begged the bosses to get rid of Symantec and use Panda,Nod32/Zone Alarm,or Trend-Micro.However,they liked the big discount they received from Symantec.I again shake my head as I had laid out costs/benefits,etc.,using downtime and labour costs to clearly show the benefits of change.Well,I know you've seen that vacant look...

Collapse -

My beloved Norton failed me to

by MissSysAdmin In reply to Norton is consistently gu ...

We are running Norton for Exchange Servers and Corporate Edition 9.0. on all desktops. The attachments were quarantined starting Wednesday but by then we had one infected machine. I only became suspicious after the whole company complained of receiving emails from very familiar domain names..companies we do business with. I searched for a machine that was sending SMTP traffic and when I found one I ran a scan on that machine. Only then was the virus identified (real time protection was running). THEN only after I ran the removal tool were the viral processes stopped. The machine is STILL unable to go to windows update or do live updates from symantec. I've check the hosts files...nothing there. I'm going to format the machine asap. I'm sorely dissapointed in norton

Collapse -

etrust to the rescue

by mstoumba In reply to eTrust saved me. Norton w ...

I had the same problem. I had a laptop come in with norton and it seemed to have the latest tables but didn't stop it. Etrust 7.1 is on most of my system's and it worked great.For those of you that don't know much about Etrust AV. A really nice feature of it is that you can install it for you users at home also up to the amount of licenses you have at you office. If you have 100 lic. you can install that many for your users that work at home.

Collapse -

Saved....by grace

by mary In reply to DOWNLOAD: Identify/React ...

Did the Norton updates on our system Tuesday after I noticed a suspicious jump in email attachments. While we were able to beat this bad boy virus before the real ****, we are still getting about 1000 hits from it daily. Unfortunately I have exchange 2000 and cannot block the IP addresses that most are coming from, however I understand 2003 has that option. You can bet after 5 days of deleting hundreds of bad emails, that the boss will be willing to review the cost of updating...

Collapse -

Exchange 2003

by Smaca In reply to Saved....by grace

In Exchange 2003 you do have that option.
With much more, I couldn't imagine working for a company whome you have to beg to get upgrades to your software for. Sorry :{

Collapse -

Trend Micro

by TprattBP In reply to DOWNLOAD: Identify/React ...

Trend Micro's OfficeScan did its job. We were not successfully hit.

Collapse -

One suite to cure what ales ya!

by Smaca In reply to DOWNLOAD: Identify/React ...

www.nai.com
Covers Linux Exchange Windows Lotus notes and so on, updates on schedule which I have mine checking every two hours.

distribute your packages with EPO cover your system Norton's will just not do.
It's worth your companies investment to switch now.

Back to Malware Forum
12 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums