Protector Plus: Anti virus software for Windows (XP, 2000, 2003, NT, Me, 98, 95), Exchange, NetWare
W32/Sober.Y Worm
Information about the W32/Sober.Y Worm:
W32/Sober.Y is an email worm. It infects Windows systems and spreads through email.
The infected email carries a spoofed 'From' address picked at random from the infected system.
The subject of the infected mail will be any one of the following:
Your Password
smtp mail failed
Your IP was logged
Mail delivery failed
Registration Confirmation
You visit illegal websites
hi,_ive_a_new_mail_address
Paris_Hilton_&_Nicole_Richie
Spam: Registration Confirmation
The body of the infected mail will be any one of the following:
Account and Password Information are attached! ---

The Simple Life:
View Paris Hilton & Nicole Richie video clips , pictures & more ;)
Download is free until Jan, 2006!
Please use our Download manager.

Account and Password Information are attached!
***** Go to: http://www.{random}.com
***** Email: {random}.com

hey its me, my old address dont work at time. i dont know why?!
in the last days ive got some mails. i' think thaz your mails but im not sure!
plz read and check ...
cyaaaaaaa

This is an automatically generated Delivery Status Notification.
SMTP_Error []
I'm afraid I wasn't able to deliver your message.
This is a permanent error; I've given up. Sorry it didn't work out.
The full mail-text and header is attached

Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.
Important:
Please answer our questions!
The list of questions are attached.
Yours faithfully,
Steven Allison
*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
*** phone: (202) 324-3000

The infected attachment will be any one of the following:
list.zip
mail.zip
mailtext.zip
reg_pass.zip
downloadm.zip
mail_body.zip
reg_pass-data.zip
question_list.zip
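
The subject lines and attachment names listed above can be matched at a mail gateway or during mailbox triage. The following is an added example, not part of the original advisory or of Protector Plus; the function names, verdict labels and sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators copied from the lists on this page, lower-cased for matching.
SUBJECTS = {
    "your password", "smtp mail failed", "your ip was logged",
    "mail delivery failed", "registration confirmation",
    "you visit illegal websites", "hi,_ive_a_new_mail_address",
    "paris_hilton_&_nicole_richie", "spam: registration confirmation",
}
ATTACHMENTS = {
    "list.zip", "mail.zip", "mailtext.zip", "reg_pass.zip", "downloadm.zip",
    "mail_body.zip", "reg_pass-data.zip", "question_list.zip",
}

def triage(raw_message: str) -> dict:
    """Report which Sober.Y indicators a raw message matches (hypothetical helper)."""
    msg = message_from_string(raw_message, policy=policy.default)
    # Collapse whitespace from folded headers before comparing.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    names = [part.get_filename().strip().lower()
             for part in msg.walk() if part.get_filename()]
    subject_hit = subject in SUBJECTS
    attachment_hits = sorted(n for n in names if n in ATTACHMENTS)
    # Subjects such as "Your Password" also occur in legitimate mail, so one
    # indicator alone is only "suspicious"; both together mean "quarantine".
    if subject_hit and attachment_hits:
        verdict = "quarantine"
    elif subject_hit or attachment_hits:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"subject_hit": subject_hit, "attachments": attachment_hits,
            "verdict": verdict}

def build_sample(subject: str, filename: str = "") -> str:
    """Build a constructed test message; addresses and payload are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("constructed body text")
    if filename:
        m.add_attachment(b"PK\x03\x04", maintype="application",
                         subtype="zip", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    print(triage(build_sample("Mail delivery failed", "mailtext.zip")))
```

Because the 'From' address is spoofed, the sender field is deliberately not used as an indicator here.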
Upon execution of the infected attachment, the worm displays a message box with the following message:
Error in Packed Header
The worm copies itself as services.exe in the Windows folder.
It also drops the following files in the Windows System folder:
bbvmwxxf.hml
rubezahl.rub
runstop.rst
nonrunso.ber
gdfjgthv.cvq
langeinf.lin
It modifies the Windows registry at the following locations so that it is loaded at the next startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
To propagate itself, the worm scans files with the following extensions on the infected system and collects all the email addresses available in them:
pmr, phtm, stm, slk, inbox, imb, csv, bak, imh, xhtml, imm, imh, cms, nws, vcf, ctld, htm, cgi, pp, ppt, msg, jsp, oft, vbs, uin, ldb, abc, pst, cfg, mdw, mbx, mdx, mda, adp, nab, fdb, vap, dsp, ade, sln, dsw, mde, frm, bas, adr, cls, ini, ldif, log, mdb, xml, wsh, tbb, abx, abd, adb, pl, rtf, mmf, doc, ods, nch, xls, nsf, txt, wab, eml, hlp, mht, nfo, php, asp, shtml and dbx
This worm first appeared on November 21, 2005.
Other names of W32/Sober.Y Worm:
This Worm is also known as Worm/Sober.Y, Win32/Sober.Y, Email-Worm.Win32.Sober.y, W32/Sober.gen@MM.