From: Jayme Zupkow [mailto:[log in to unmask]]
Sent: Wednesday, January 04, 2006 6:05 AM
To: Bryan, George R. Jr; Kanofsky, Mike L.
Subject: Announcement - Microsoft Security Advisory (912920) Released
(I am sending this to you on behalf of your Technical Account Manager
Fred Bonet - who is on vacation. Please feel free to contact me if you
have any questions about this advisory.)
This Alert is to advise you that Microsoft Security Advisory (912920),
Systems that are infected with Win32/Sober.Z@mm may download and run
malicious files from certain Web domains beginning on January 6, 2006
has been released.
Microsoft is aware of the Sober mass mailer worm variant named
[log in to unmask] The worm tries to entice users through social
engineering efforts into opening an attached file or executable in
e-mail. If the recipient opens the file or executable, the worm sends
itself to all the contacts that are contained in the system's address
book. Customers who are using the most recent and updated antivirus
software are at a reduced risk from infection by the Win32/Sober.Z@mm
On systems that are infected by Win32/Sober.Z@mm, the malware is
programmed to download and run malicious files from certain Web domains
beginning on January 6, 2006. Beginning approximately every two weeks
thereafter, the worm is set to begin downloading and running malicious
files from additional sites on the same Web domains.
As with all currently known variants of the Sober worm, the worm does
not appear to target a security vulnerability, but rather relies on the
user opening an infected attachment.
Microsoft added detection for the latest Sober variants in its December
2005 update to the Malicious Software Removal Tool and in the Windows
Live Safety Center.
Customers who believe that they are infected with Sober or are not sure
whether they are infected should visit Safety.live.com and choose
"Protection Scan" or run the latest version of the Malicious Software
Removal Tool from either Microsoft Update or Windows Update to ensure
that their systems are free of infection. Additionally, Windows OneCare
from Microsoft provides detection for and protection against Sober and
its known variants.
Microsoft will release an updated version of the Malicious Software
Removal Tool on January 10, 2006, that will further assist in the
detection and removal of known malware threats including Sober and its
known variants. See Microsoft Knowledge Base Article 891716 for
additional details on how to deploy the Malicious Software Removal Tool
with the latest definitions to help protect against malware.
For more information about Sober, to help determine whether you have
been infected by the worm, and for instructions on how to repair your
system if you have been infected, see the Microsoft Virus Encyclopedia.
For Microsoft Virus Encyclopedia references, see the "Overview" section.
We continue to encourage customers to use caution with unknown file
attachments and to follow our Protect Your PC guidance of enabling a
firewall, getting software updates, and installing antivirus software.
Customers can learn more about these steps by visiting the Protect Your
PC Web site.
* Customers must open a malicious e-mail attachment in order to be
infected by the worm.
More information can be found at:
If you have any questions regarding this alert please contact me for
Jayme A. Zupkow
Technical Account Manager
US Enterprise Services -State, Local Government, and Education
Phone: (980) 776-9764
Email: [log in to unmask]
If you are not completely satisfied with the support you have received,
I want to know!