resource center
  See your link here
|
IDG News Service -
Antivirus software companies warned customers about a new variant of the Sober e-mail worm that began spreading on the Internet today and masquerades as a Microsoft Corp. software update.
Sober.D is the latest version of a worm that first appeared in October. The new worm poses as a software patch that will remove the MyDoom virus from infected Windows systems, said antivirus company F-Secure Corp. in Helsinki, Finland.
F-Secure first detected the new worm variant in Germany early today. The company rated the virus a "Level 2" threat, indicating "large infections," the company said.
Like its predecessors, Sober.D spreads by skimming e-mail addresses from victims' computers, then mailing copies of itself to those addresses. Sober.D also adapts its message, inserting a German-language version into e-mail addresses belonging to German domains, such as those ending in .de, F-Secure said.
Copies of the Sober.D worm arrive in e-mail messages with the subject line "Microsoft Alert: Please Read!" or "Microsoft Alarm: Bitte Lesen!" said the antivirus company. The worm file is embedded in file attachments with the .exe or .zip file extension and names such as "Patch," "MS-Security" and "UpDate," F-Secure said.
Once the worm file has been opened, the virus places a copy of itself on the infected machine's hard drive and modifies the Windows configuration so that the worm file is launched each time Windows starts, antivirus companies said.
When run, the worm mimics a legitimate software patch, displaying a pop-up message indicating that the "patch has been successfully installed." For machines that are already infected, the worm displays a message saying that the "patch does not need to be installed on this system," F-Secure said.
It is common for worm authors to dress up their creations as software updates from Microsoft. Recent worms, including Swen and Gruel, have posed as official correspondence from the software company.
In response, Microsoft declared that it never distributes software updates using e-mail and has published guidelines for identifying legitimate e-mail from the company.
Antivirus companies posted software updates to detect the new worm and recommended that customers update their software as soon as possible to prevent against Sober.D infection.
IDG.net
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
Sign up to receive updates on the latest Security resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
