November 2005
New W32/Sober, W32/Mytob and W32/Bagle worm variants
ID: 01042
Ref: 977/05
Date: 23 November 2005:17:07:13
Version: 1
Title: New W32/Sober, W32/Mytob and W32/Bagle worm variants
Abstract: The past week has seen a number of new Mytob and Sober worm variants. Reports (not yet verified) have been received this afternoon of a new Bagle variant.
Vendors affected: Microsoft
Operating systems affected: Microsoft
Title
=====
New W32/Sober, W32/Mytob and W32/Bagle worm variants
Detail
======
The past week has seen a number of new Mytob and Sober worm variants. Reports
(not yet verified) have been received this afternoon of a new Bagle variant.
All these worms continue to employ social engineering techniques to persuade
recipients to open attachments, follow links to websites containing malicious
code, or take some other action that will lead to the compromise of their
systems. W32/Sober@MM, for example, contains the following text:
"we have logged your IP-address on more than 30 illegal Websites",
purports to come from the Central Intelligence Agency in Washington, and
contains an infected executable attachment.
Mitigation
==========
Users should ensure they are running up-to-date anti-virus software, and be wary
of handling e-mail attachments. They should also exercise caution in visiting
untrusted web sites.
References
==========
Symantec latest virus threats
http://www.symantec.com/avcenter/global/vinfodb.html
McAfee W32/Sober@MM
http://vil.nai.com/vil/content/v_137072.htm