funsec mailing list archives

RE: F-Secure: Sober.Y (Fake FBI e-Mail) Becoming Huge


From: "Fergie" <fergdawg () netzero net>
Date: Wed, 23 Nov 2005 04:02:49 GMT

There have been -- what? 25 or 30 Sober variants seeded?

The only reason this one was more successful than the others
is the stupidity of humans to succumb -- once again -- to social
engineering. Fear of the law (read: the FBI/CIA scam 'From:').

It ain't _that_ complicated, regardless of the fact that some
hack managed to change a few bits to avoid detection. :-)

- ferg

-- "Debasis Mohanty" <debasis () hackingspirits com> wrote:

I came across this worm in the month of Feb, 2005. Oh! So it struck back
again..

I did a quick reverse engg on this worm as then (talking about somewhere
around Feb, 2005) there was no advisory released from any AV vendor and
even virustotal wasn't able to detect it. I released a paper on it on 25th
Feb, 2005. The complete analysis can be downloaded from here :
http://www.hackingspirits.com/eth-hac/papers/whitepapers.asp 


-:: Tr0y ::-
www.hackingspirits.com

[snip]

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

