Sober-L has a 'lock' on computers

A new variant imposes itself in memory and rewrites registry keys. That means this currently low threat carries high damage potential.

Several antivirus firms said Monday that a new member of the Sober worm family is in the wild. Sober-L is much like its predecessors, with one key difference:

"It locks itself in your computer's memory and rewrites the registry key," said Andrew Lee, chief technology officer for San Diego-based Eset. "Once it's in memory, you can't detect it. It hides itself very well and is extremely hard to clean."

Lee said his firm has gotten reports mostly from Germany and Spain. But there have also been sightings in the United States and elsewhere. "It's very widespread in Germany right now, and there are pockets in other countries," he said.

Lynnfield, Mass.-based Sophos said Sober-L is much like its predecessors, using e-mail attachments to spread and targeting Windows systems. According to the company's advisory, the latest variant:

The firm issued an alert Monday afternoon saying it had received "several reports" of the worm in the wild.

Tokyo-based Trend Micro had also gotten a number of infection reports Monday afternoon. In its advisory, the company said the overall threat was low for now but that the damage and distribution potential was high.
