
New Sober variant a real kick

Bill Brenner

Antivirus firms have been flooded with reports of a new Sober variant that uses random e-mail messages to trick users into opening infected attachments. This worm won't destroy the PCs it infects, but experts say it could seriously bog down e-mail servers.

"This is starting to push the boundaries of a medium risk assessment," Craig Schmugar, virus research manager for Santa Clara, Calif.-based McAfee Inc., said Monday afternoon. "We had reports from 8,000 customers in three hours."

Fortunately, Schmugar said, this latest variant -- named W32.Sober-P by McAfee, W32.Sober-O by Cupertino, Calif.-based Symantec Corp., W32.Sober-N by Lynnfield, Mass.-based Sophos, and Worm_Sober-S by Tokyo-based Trend Micro -- doesn't carry a destructive payload. It also appears to be more of a problem for home users so far. "Most enterprise users have been able to block this at the gateway," he said.

According to Symantec, initial analysis indicates Sober-O spreads as e-mail attachments with such labels as account_info-text.zip, mail_info.zip or our_secret.zip. The worm uses its own SMTP engine to spread to addresses gathered from the machines it infects. Random e-mail messages may be in English or German. One German message claims the recipient has won World Cup soccer tickets.

"We're seeing a trend where you have more of these locally tailored viruses," said Alfred Huger, senior director of engineering for Symantec. "Soccer is very big in Germany, so the message is designed to give the worm better pick-up there."

Huger said the worm doesn't belong in the same arena as a Sasser or Mydoom. But it's the fastest-spreading worm in recent months, prompting Symantec to issue the Level 3 alert. "At this stage, we're getting 70 submissions an hour, which is a middle-of-the-road level 3," he said.

