Sunday, 15 February 2004

I fear Greeks, even when bearing Gifts

Or in the original, "timeo Danaos et dona ferentes". In fact, I also fear Belgians, Spaniards, and Swiss too. And as for Danes, here's an e-mail I just received:
hello, I am from Denmark and you'll don't believe me,
but a trojan horse in on your pc.
I've scanned the network-ports on the internet. (I know, that's illegal)
And I have found your pc. Your pc is open on the internet for everybody!
Because the services.exe trojan is running on your system.
Check this, open the task manager and try to stop that!
You'll see, you can't stop this trojan.
When you use win98/me you can't see the trojan!!

On my system was this trojan, too!
And I've found a tool to kill that bad thing.
I hope that I've helped you!

Sorry for my bad english!

Attached was a file that went straight into my Vivisection Bin, where I carefully pry the thing apart to find out exactly what the worm/virus/trojan is, and what it does. Using my UberGeek powers, I soon identified it as the WORM_SOBER.C. A full description of what it does is available. I also received a "You are an Idiot" version on the same day, so this virus is probably undergoing a resurgence.

So You Have Been Warned.

But if the warning comes too late, a removal tool is available.

