============================================================

VIRUS ADVISORY: W32/Sober.j@MM – Medium Risk

————————————————————

Current VirusScan users with DAT 4409 are protected from

this threat. Learn more about W32/Sober.j@MM here:

http://us.mcafee.com/root/campaign.asp?cid=12696

FreeScan checks for W32/Sober.j@MM.

Scan now:

http://us.mcafee.com/root/campaign.asp?cid=12697

============================================================

–> What is it?

W32/Sober.j@MM is a Medium Risk mass-mailing worm that

arrives as an email attachment. When run, the worm displays

a series of fake error messages (e.g., WinZip_Data_Module is

missing ~Error: {2A0DCCF6}), infects the host computer and

emails itself to stolen email addresses using the infected

computer’s Internet connection.

Up-to-date McAfee VirusScan users with DAT 4409 are

protected from this threat.

Note: To fortify your anti-virus defense against threats

like W32/Sober.j@MM that need Internet access to spread, we

recommend installing McAfee Personal Firewall Plus:

http://us.mcafee.com/root/campaign.asp?cid=11276

–> What should I look for?

FROM: Varies (forged addresses taken from infected system)

SUBJECT: Example: FwD: illegal signs in your email

BODY: Example: More info about–GZIP–under: wwwgzip.org

ATTACHMENT: Examples: mail.4052.scr, verisign.2095.pif,

re_mail8831.bat

–> How do I know if I’ve been infected?

Fake error messages displayed. Increased network traffic on

TCP port 37. Alerts from a desktop firewall (if installed)

that a new application is trying to access the Internet.

–> How do I find out more?

View details about W32/Sober.j@MM here.

http://us.mcafee.com/root/campaign.asp?cid=12696