

photobum

join:2005-11-04
Fairborn, OH
How Sober activates

»www.f-secure.com/weblog/archives···00000729


gracie
Geek Goddess
Premium
join:2003-07-15
confusion

Interesting article; seems to be on target. I like sending these to newbies I'm trying to educate, as many enjoy seeing something that explains what to them is just dark mystery and makes them a bit more proactive in wanting to stay protected.
--
graciella! "not tonight dear, I have DSL."
Creating SuperOrganizations Worldwide
Creating & Hosting SuperSites Worldwide

B
Premium,MVM
join:2000-10-28

Great analysis by F-Secure...

They look like this. These are the download sites Sober.Y will start using on 5th of January. We're leaving out the filename of the actual executable, but this should be good enough list of addresses you might want to block at your corporate firewall, if you're a system administrator:


Right now, none of these URLs exist. If they are to be used, the virus writer will register them just before the activation.
So if someone (like, you know, a guy with a badge) persuades these web hosts to render those URLs harmless, Sober.Y is dead for this round?

-- B
--
In a realm outside causality and function

mysec
Premium
join:2005-11-29


edit:
December 9th, @11:31AM

How would you prevent Sober from installing?

It has to be opened from an email attachment (which you would never do, of course) but what about others' home systems - how would you have them protect against Sober in case of the inadvertent "click on this"?

First image shows how SoberQ installs.

»rsjones.net/img/soberQ_1.gif

Second image shows one way of preventing installation.

»rsjones.net/img/soberQ_3.gif