Top

Summary

Prevalence: High

Name: Sober-Q

Type: Internet Trojan

How it spreads: emails

Affected operating: Windows

Aliases: Email-Worm.Win32.Sober.q ,W32/Sober.q@MM

Date of surface: 14 May 2005

Description

Troj/Sober-Q is a mass mailing spamming internet Trojan for the Windows platform. <BR><BR>Some of the spam emails sent by this Trojan takes to respectable German news outlets, such as Spiegel etc., as reported by MicroWorld, which contain articles on:<BR><BR>"Necessasity of Health Reforms";<BR><BR>"asylum seekers receive first class private supply while medical supply for Germans abolished";<BR><BR>"Dentists- enormous content increases expense of the contribution payers" etc.<BR><BR><BR><BR>

Recovery

<b>You have to remove the virus. You need to do one of the following things:</b><BR><BR>1) The latest virus vaccine update of eScan removes the worm from your system. Ensure that Internet access for your system is running. Right click on <img src="../images/e.gif" align="absmiddle"> and click <b> Download eScan update</b>. The latest updates are downloaded,your system is scanned and the worm is removed.<BR><BR><b>OR</b><BR><BR>2) Download the free MicroWorld Anti Virus Toolkit</a> (MWAV Tool Kit). The tool checks your machine for viruses. If any illegal dialers or sniffer tools have been installed they are detected. <BR><BR><BR><a name="mwav"><b>MWAV Tool Kit</b></a><BR>(Download the free MicroWorld Anti Virus Toolkit that detects viruses in system registry and running processes)<BR><BR><a href="ftp://ftp.microworldsystems.com/download/tools/mwav.exe">Link 1</a><BR><a href="ftp://update.mailscan.info/download/tools/mwav.exe">Link 2</a><BR><a href="http://www.mwti.net/download/tools/mwav.exe">Link 3</a><BR><BR><b>eScan Internet Security Suite (ISS)</b></a><BR>(Download MicroWorld`s eScan that detects viruses in system registry,running processes and has a real time monitor)<BR><BR><a href="ftp://ftp.microworldsystems.com/download/escan/es2k3e/iwn2k3e.exe">Link 1</a><BR><a href="ftp://ftp.das.com/mwti/download/escan/iwn2k3e.exe">Link 2</a><BR><a href="ftp://mwti.matrix.lv/download/escan/iwn2k3e.exe">Link 3</a><BR><a href="ftp://update.mailscan.info/download/escan/iwn2k3e.exe">Link 4</a><BR><a href="ftp://abundis.net/download/escan/iwn2k3e.exe">Link 5</a><BR><a href="http://www.mwti.net/download/escan/es2k3e/iwn2k3e.exe">Link 6</a><BR>

Advanced

Troj/Sober-Q is a mass mailing spamming internet Trojan for the Windows platform. <BR><BR>Some of the spam emails sent by this Trojan takes to respectable German news outlets, such as Spiegel etc., which contain articles on:<BR><BR>"Necessasity of Health Reforms";<BR><BR>"asylum seekers receive first class private supply while medical supply for Germans abolished";<BR><BR>"Dentists- enormous content increases expense of the contribution payers" etc.<BR><BR>Some of the links contained in these spam mails as reported by MicroWorld are:<BR><BR><a href="http://globalfire.tv/nj/03de/politik/fruehtod_reform.htm" target="_blank">http://globalfire.tv/nj/03de/politik/fruehtod_reform.htm</a><BR><BR><a href="http://www.rp-online.de/public/article/nachrichten/politik/ausland/85804" target="_blank">http://www.rp-online.de/public/article/nachrichten/politik/ausland/85804</a><BR><BR><a href="http://www.spiegel.de/spiegel/vorab/0,1518,323476,00.html" target="_blank">http://www.spiegel.de/spiegel/vorab/0,1518,323476,00.html</a><BR><BR><a href="http://www.spiegel.de/wirtschaft/0,1518,353600,00.html" target="_blank">http://www.spiegel.de/wirtschaft/0,1518,353600,00.html</a><BR><BR><a href="http://www.mjoelnirsseite.de/2100.htm" target="_blank">http://www.mjoelnirsseite.de/2100.htm</a><BR><BR><a href="http://www.spiegel.de/wirtschaft/0,1518,338652,00.html" target="_blank">http://www.spiegel.de/wirtschaft/0,1518,338652,00.html</a>