NEWS FROM THE LAB - Thursday, October 6, 2005

New Sober, new CME Posted by Mikko @ 07:51 GMT

wenn ich aber wieder mal die falsche person erwischt habe, dann sorry f�r die bel�stigung
This German worm has been spammed during last hours. We have several sightings of the seeding but no real infection reports.

This variant sends itself either in a generic English message or a longer German message from "Kerstin", "Rita", "Hannelore" etc. The message tells a story about a school reunion, and asks if you are the person in the attached picture...which of course is not a picture.

This is also a good opportunity to showcase the new Common Malware Enumeration (CME) initiative, which has been introduced today at the Virus Bulletin 2005 conference in Dublin.

This new Sober variant goes by a variety of names, including Sober.R, Email-Worm.Win32.VB.b, W32.Sober.Q@mm, W32/Sober-O etc.

However, the CME identifier for this threat is: CME-151. And all the important vendors use the same identifier for it.