Sober-L has a 'lock' on computers

Several antivirus firms said Monday that a new member of the Sober worm family is in the wild. Sober-L is much like its predecessors, with one key difference:

"It locks itself in your computer's memory and rewrites the registry key," said Andrew Lee, chief technology officer for San Diego-based Eset. "Once it's in memory, you can't detect it. It hides itself very well and is extremely hard to clean."

Lee said his firm has gotten reports mostly from Germany and Spain. But there have also been sightings in the United States and elsewhere. "It's very widespread in Germany right now, and there are pockets in other countries," he said.

Lynnfield, Mass.-based Sophos said Sober-L is much like its predecessors, using e-mail attachments to spread and targeting Windows systems. According to the company's advisory, the latest variant:

The firm issued an alert Monday afternoon saying it had received "several reports" of the worm in the wild.

Tokyo-based Trend Micro had also gotten a number of infection reports Monday afternoon. In its advisory, the company said the overall threat was low for now but that the damage and distribution potential was high.