From: Gary Hicks [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 04, 2006 8:31 AM
To: Premier Contacts
Subject: Announcement - Microsoft Security Advisory (912920) Released
This Alert is to advise you that Microsoft Security Advisory (912920),
"Systems that are infected with Win32/[EMAIL PROTECTED] may download and run
malicious files from certain Web domains beginning on January 6, 2006," has
been released.
Microsoft is aware of the Sober mass mailer worm variant named
Win32/[EMAIL PROTECTED] The worm tries to entice users through social engineering
efforts into opening an attached file or executable in e-mail. If the
recipient opens the file or executable, the worm sends itself to all the
contacts that are contained in the system's address book. Customers who are
using the most recent and updated antivirus software are at a reduced risk
from infection by the Win32/[EMAIL PROTECTED] worm.
On systems that are infected by Win32/[EMAIL PROTECTED], the malware is programmed
to download and run malicious files from certain Web domains beginning on
January 6, 2006. Beginning approximately every two weeks thereafter, the
worm is set to begin downloading and running malicious files from additional
sites on the same Web domains.
As with all currently known variants of the Sober worm, the worm does not
appear to target a security vulnerability, but rather relies on the user
opening an infected attachment.
Microsoft added detection for the latest Sober variants in its December 2005
update to the Malicious Software Removal Tool and in the Windows Live Safety
Center.
Customers who believe that they are infected with Sober or are not sure
whether they are infected should visit Safety.live.com and choose
"Protection Scan" or run the latest version of the Malicious Software
Removal Tool from either Microsoft Update or Windows Update to ensure that
their systems are free of infection. Additionally, Windows OneCare from
Microsoft provides detection for and protection against Sober and its known
variants.
Microsoft will release an updated version of the Malicious Software Removal
Tool on January 10, 2006, that will further assist in the detection and
removal of known malware threats including Sober and its known variants. See
Microsoft Knowledge Base Article 891716 for additional details on how to
deploy the Malicious Software Removal Tool with the latest definitions to
help protect against malware.
For more information about Sober, to help determine whether you have been
infected by the worm, and for instructions on how to repair your system if
you have been infected, see the Microsoft Virus Encyclopedia. For Microsoft
Virus Encyclopedia references, see the Overview section. We continue to
encourage customers to use caution with unknown file attachments and to
follow our Protect Your PC guidance of enabling a firewall, getting software
updates, and installing antivirus software. Customers can learn more about
these steps by visiting the Protect Your PC Web site.
Mitigating Factors:
Customers must open a malicious e-mail attachment in order to be infected
by the worm.
More information can be found at:
http://www.microsoft.com/technet/security/advisory/912920.mspx
If you have any questions regarding this alert, please contact your Technical
Account Manager or Application Development Consultant.
Thank you,
Microsoft PSS Security Team