Sober-L has a 'lock' on computers

Bill Brenner

Several antivirus firms said Monday that a new member of the Sober worm family is in the wild. Sober-L is much like its predecessors, with one key difference:

"It locks itself in your computer's memory and rewrites the registry key," said Andrew Lee, chief technology officer for San Diego-based Eset. "Once it's in memory, you can't detect it. It hides itself very well and is extremely hard to clean."

Lee said his firm has gotten reports mostly from Germany and Spain. But there have also been sightings in the United States and elsewhere. "It's very widespread in Germany right now, and there are pockets in other countries," he said.

Lynnfield, Mass.-based Sophos said Sober-L is much like its predecessors, using e-mail attachments to spread and targeting Windows systems. According to the company's

    Requires Free Membership to View

advisory, the latest variant:

The firm issued an alert Monday afternoon saying it had received "several reports" of the worm in the wild.

Tokyo-based Trend Micro had also gotten a number of infection reports Monday afternoon. In its advisory, the company said the overall threat was low for now but that the damage and distribution potential was high.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: