resource center
  See your link here
|
IDG News Service -
Antivirus software companies warned customers about a new variant of the Sober e-mail worm that began spreading on the Internet today and masquerades as a Microsoft Corp. software update.
Sober.D is the latest version of a worm that first appeared in October. The new worm poses as a software patch that will remove the MyDoom virus from infected Windows systems, said antivirus company F-Secure Corp. in Helsinki, Finland.
F-Secure first detected the new worm variant in Germany early today. The company rated the virus a "Level 2" threat, indicating "large infections," the company said.
Like its predecessors, Sober.D spreads by skimming e-mail addresses from victims' computers, then mailing copies of itself to those addresses. Sober.D also adapts its message, inserting a German-language version into e-mail addresses belonging to German domains, such as those ending in .de, F-Secure said.
Copies of the Sober.D worm arrive in e-mail messages with the subject line "Microsoft Alert: Please Read!" or "Microsoft Alarm: Bitte Lesen!" said the antivirus company. The worm file is embedded in file attachments with the .exe or .zip file extension and names such as "Patch," "MS-Security" and "UpDate," F-Secure said.
Once the worm file has been opened, the virus places a copy of itself on the infected machine's hard drive and modifies the Windows configuration so that the worm file is launched each time Windows starts, antivirus companies said.
When run, the worm mimics a legitimate software patch, displaying a pop-up message indicating that the "patch has been successfully installed." For machines that are already infected, the worm displays a message saying that the "patch does not need to be installed on this system," F-Secure said.
It is common for worm authors to dress up their creations as software updates from Microsoft. Recent worms, including Swen and Gruel, have posed as official correspondence from the software company.
In response, Microsoft declared that it never distributes software updates using e-mail and has published guidelines for identifying legitimate e-mail from the company.
Antivirus companies posted software updates to detect the new worm and recommended that customers update their software as soon as possible to prevent against Sober.D infection.
IDG.net
Share our Strength
Download Now
Key Strategies for Managing Data Growth
What are you storage challenges?
Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.
Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!
Eradicate Spam & Gain 100% Asurance of Clean Mailboxes
Get this paper now!
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Not Just Words: Enforce Your Email and Web Acceptable Usage Policies
Get this paper now!
Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!
Sign up to receive updates on the latest Security resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
