Press Release Summary = Thanks to the special implementation of the Dr.Web virus base, in which a single entry allows detection of tens, hundreds, or even thousands of similar viruses, registered users of our program were completely protected against this new worm BEFORE it was even written and BEFORE the epidemic broke out.
Press Release Body = Let us imagine you received a message. This time it does not ask you to have a look at spicy pictures - you are already wise and never open such attachments. The message reads:
From: Post@fbi.gov

Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal Websites.

Important: Please answer our questions! The list of questions are attached.

Yours faithfully,
Steven Allison

*** Federal Bureau of Investigation -FBI-
*** 935 Pennsylvania Avenue, NW, Room 3220
*** Washington, DC 20535
*** phone: (202) 324-3000
Yes, it really looks like a message from the FBI. Or the CIA - variants are possible. The sender's address "undoubtedly" points to one of these governmental organizations:

BKA@bka.bund.de - German police
Department@cia.gov - CIA
Post@fbi.gov - FBI
What is your first reaction? Right - fear, and a keen desire to open the attachment to see what serious people from a more than serious organization are interested in. And that is the trap! The social engineering trick hits the nail on the head, just as planned by the author of the new Sober worm (classified by the Dr.Web Anti-virus as Win32.HLLM.Generic.355). Although it is as like most other variants as two peas in a pod, this time it is distributed under the excellent cover of the FBI or CIA.
Thanks to the special implementation of the Dr.Web virus base, in which a single entry allows detection of tens, hundreds, or even thousands of similar viruses, registered users of our program were completely protected against this new worm BEFORE it was even written and BEFORE the epidemic broke out. This is also confirmed by the latest investigation by a well-known AV tester from Magdeburg, Germany - Andreas Marx. In his latest test of how quickly AV vendors responded to the outbreak of the new Internet worm, Dr.Web was among the few antivirus programs that could detect the new threat PROACTIVELY - i.e. without the release of a new virus definition to the base.
At present, this variety of the malicious code prevails in the messages stopped by the Dr.Web anti-virus filters at our users' mail servers. Its share of the infected traffic exceeds 33 per cent. The virus top ten looks as follows: