New Sober variant a real kick

The latest member of the Sober worm family won't destroy your PC. But it could bog down your e-mail server.

Antivirus firms have been flooded with reports of a new Sober variant that uses random e-mail messages to trick users into opening infected attachments. This worm won't destroy the PCs it infects, but experts say it could seriously bog down e-mail servers.

"This is starting to push the boundaries of a medium risk assessment," Craig Schmugar, virus research manager for Santa Clara, Calif.-based McAfee Inc., said Monday afternoon. "We had reports from 8,000 customers in three hours."

Fortunately, Schmugar said, this latest variant -- named W32.Sober-P by McAfee, W32.Sober-O by Cupertino, Calif.-based Symantec Corp., W32.Sober-N by Lynnfield, Mass.-based Sophos, and Worm_Sober-S by Tokyo-based

More on Sober

Sober-L has a 'lock' on computers

Trend Micro -- doesn't carry a destructive payload. It also appears to be more of a problem for home users so far. "Most enterprise users have been able to block this at the gateway," he said.

According to Symantec, initial analysis indicates Sober-O spreads as e-mail attachments with such labels as account_info-text.zip, mail_info.zip or our_secret.zip. The worm uses its own SMTP engine to spread to addresses gathered from the machines it infects. Random e-mail messages may be in English or German. One German message claims the recipient has won World Cup soccer tickets.

"We're seeing a trend where you have more of these locally tailored viruses," said Alfred Huger, senior director of engineering for Symantec. "Soccer is very big in Germany, so the message is designed to give the worm better pick-up there."

Huger said the worm doesn't belong in the same arena as a Sasser or Mydoom. But it's the fastest-spreading worm in recent months, prompting Symantec to issue the Level 3 alert. "At this stage, we're getting 70 submissions an hour, which is a middle-of-the-road level 3," he said.

Dig deeper on Malware, Viruses, Trojans and Spyware

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close