General discussion

Locked

Question on the Sober.I worm

By sfath ·
I have a client that is receiving all kinds of emails that fit the description of the Sober.I worm. All anti-virus patterns are up to date and I ran the removal tool from Symantec with no virus found. The emails keep coming. Looking at the Internet Header information the originating IP is from a local contact. The contact said the IP is assigned to his group but it is not in use??? Will the worm spoof an IP address as well as the sender?

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by dustyD In reply to Question on the Sober.I w ...

No, IP addresses in the header will not be spoofed. Have the contact run the removal tool available from Symantec.
For details and to confirm the infection, go here:
//securityresponse.symantec.com/avcenter/venc/data/w32.sober.i@mm.html">http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.i@mm.html

Of course, you have to get them to 'fess up to having the IP address and an infection, which they may not want to admit, but if they're at all concerned, they will probably proceed with the removal.

Collapse -

by sfath In reply to

Thanks, just what I thought but wasn't sure. So many new virus and worms! The hard part will be the 'fessing up part'

Thanks again

Collapse -

by sfath In reply to Question on the Sober.I w ...

This question was closed by the author

Back to Desktop Forum
3 total posts (Page 1 of 1)  

Related Forums