funsec mailing list archives
RE: F-Secure: Sober.Y (Fake FBI e-Mail) Becoming Huge
From: "Fergie" <fergdawg () netzero net>
Date: Wed, 23 Nov 2005 04:02:49 GMT
There have been -- what? 25 or 30 Sober variants seeded?

The only reason this one was more successful than the others is the stupidity of humans to succumb -- once again -- to social engineering. Fear of the law (read: the FBI/CIA scam 'From:').

It ain't _that_ complicated, regardless of the fact that some hack managed to change a few bits to avoid detection. :-)

- ferg

-- "Debasis Mohanty" <debasis () hackingspirits com> wrote:

I came across this worm in the month of Feb, 2005. Oh! So it struck back again..

I did a quick reverse engg on this worm, as then (talking about somewhere around Feb, 2005) there was no advisory released from any AV vendor and even virustotal wasn't able to detect it. I released a paper on it on 25th Feb, 2005.

The complete analysis can be downloaded from here:
http://www.hackingspirits.com/eth-hac/papers/whitepapers.asp

-:: Tr0y ::-
www.hackingspirits.com

[snip]

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg () netzero net or fergdawg () sbcglobal net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.