NEWS FROM THE LAB - Thursday, October 6, 2005

New Sober, new CME Posted by Mikko @ 07:51 GMT

wenn ich aber wieder mal die falsche person erwischt habe, dann sorry für die belästigung
This German worm has been spammed during last hours. We have several sightings of the seeding but no real infection reports.

This variant sends itself either in a generic English message or a longer German message from "Kerstin", "Rita", "Hannelore" etc. The message tells a story about a school reunion, and asks if you are the person in the attached picture...which of course is not a picture.

This is also a good opportunity to showcase the new Common Malware Enumeration (CME) initiative, which has been introduced today at the Virus Bulletin 2005 conference in Dublin.

This new Sober variant goes by a variety of names, including Sober.R, Email-Worm.Win32.VB.b, W32.Sober.Q@mm, W32/Sober-O etc.

However, the CME identifier for this threat is: CME-151. And all the important vendors use the same identifier for it.