New Sober variant spreading
IDG News Service -
SAN FRANCISCO -- A new version of the Sober e-mail worm started spreading in Europe last week, according to antivirus software vendors, which have given the worm a midlevel threat rating.
By the end of the workday in Europe, the worm had spread to North America and was propagating there as well, said Marius van Oers, an Amsterdam-based antivirus research engineer at McAfee Inc.
The Sober variant is referred to as Sober.j by McAfee and as Sober.i and by F-Secure Corp. and Kaspersky Labs Ltd. This variant is the latest version of a worm that first appeared in October last year.
The new worm sends itself as an attachment to German and English e-mail messages. Infected messages have various subjects and body texts. The worm isn't activated until the recipient opens the attachment.
Once opened, a fake error message is displayed and the worm creates two files in the Windows directory. Like its predecessors, Sober.i spreads by skimming e-mail addresses from victims' computers, then mailing copies of itself to those addresses.
The two files make it harder to manually remove the worm from an infected system, Van Oers said. Both files are loaded in the system's memory, and when one is deleted the other will re-create it, he said. Antivirus software is able to remove the worm, he said.
In spreading, Sober.i adapts its message for German-speaking audiences, inserting a German-language version of its pitch message into e-mail addresses belonging to German domains, such as those ending in .de for Germany, .ch for Switzerland and .at for Austria, F-Secure of Helsinki said in an advisory.
"It appears that the virus originated in Germany," McAfee's Van Oers said.
Sober.i appears to do no damage to users' systems other than replicating itself. The worm does try to download software from a remote location, but that feature didn't work when tested by McAfee, Van Oers said. The worm doesn't install any keystroke loggers or back doors into the user's system.
Reprinted with permission from
Story copyright 2009 International Data Group. All rights reserved.
Viruses
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Share our Strength
Download Now
Key Strategies for Managing Data Growth
What are you storage challenges?
Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.
Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!
Eradicate Spam & Gain 100% Asurance of Clean Mailboxes
Get this paper now!
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Not Just Words: Enforce Your Email and Web Acceptable Usage Policies
Get this paper now!
Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!
