1. /
  2. Security Response/
  3. Wobbler Hoax

Wobbler Hoax

Updated:
February 13, 2007 11:32:55 AM
Type:
Hoax

The following messages are both versions of the same hoax:

Sample 1

Dear All,
For your reference, take necessary precautions. If you receive an email with a file called California, do not open the file. The file contains WOBBLER virus. WARNING This information was announced yesterday morning from IBM; AOL states that this is a very dangerous virus, much worse than "Melissa", and that there is NO remedy for it at this time. Some very sick individual has succeeded in using the reformat function from Norton Utilities causing it to completely erase all documents on the hard drive. It has been designed to work with Netscape Navigator and Microsoft Internet Explorer. It destroys Macintosh and IBM compatible computers. This is a new, very malicious virus and not many people know about it.


Sample 2

VIRUS ALERT If you receive an email with a file called "California" do not open the file. The file contains the virus. This information was announced yesterday morning by IBM. The report says that "this is a very dangerous virus, much worse than "Melissa" and there is NO remedy for it at this time. Some very sick individual has succeeded in using the reformat function from Norton Utilities causing it to completely erase all documents on the hard drive. It has been designed to work with Netscape Navigator and Microsoft Internet Explorer. It destroys Macintosh and IBM compatible computers. This is a new, very malicious virus and not many people know about it at this time. Please pass this warning to everyone in your address book and share it with all your online friends asap so that the destruction it can cause may be minimized.

Note

JS/VBS.LostSoul.Worm is a worm that spreads via email. When executed, it displays a text file containing one of the above hoax messages. The attachment in the email message is named Wobbler.txt.jse or Wobbler.txt.vbe. When opened, these attachments create and execute a temporary file containing malicious code.Please ignore any messages regarding this hoax and do not pass on messages. Passing on messages about the hoax only serves to further propagate it.

Writeup By: Motoaki Yamamura
Summary| Technical Details

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver