Rapid7 Vulnerability & Exploit Database

W32.Sober@mm worm infection

Back to Search

W32.Sober@mm worm infection

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
01/05/2005
Created
07/25/2018
Added
01/05/2005
Modified
12/04/2013

Description

Evidence of infection with the W32.Sober@mm worm has been found on the system. W32.Sober@mm is a mass-mailing worm that uses its own SMTP engine to spread itself. The subject of the email varies, and it will be in either English or German.The name of the email attachment varies, and it will have a .bat, .com, .exe, .pif, or .scr file extension.

This threat is written in the Microsoft Visual Basic programming language and is compressed with UPX. When W32.Sober@mm is first run, it may display the fake error message "File not complete!"

Solution(s)

  • winreg-sober-worm

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;