A new variant of the Sober worm emerged over the weekend and is spreading, primarily in German-speaking countr...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Antivirus vendor McAfee and e-mail filtering outsourcer MessageLabs Inc. said that 80% of Sober-C infections are coming from Germany. The mass-mailing worm does not carry a destructive payload, and it can send messages in either English or German.
McAfee has rated the worm as a medium risk. Antivirus software vendors Symantec Corp. and F-Secure Corp. each have it as a level 2 risk.
Sober-C is a straightforward mass mailer. It sends copies of itself as an attachment to an e-mail message and attaches with one of the following file extensions: .bat, .cmd, .pif, .scr, .exe and .com.
Administrators are urged to update their antivirus signatures and block the offending file extensions in order to avoid infection. Sober-C attacks systems running Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP.
The worm uses a variety of subject lines, message bodies and attachment names. It searches infected machines for e-mail addresses from a variety of files, including cached Web pages and Microsoft Word documents. If an address contains a domain that may be a German-speaking country, like Germany (.de), Austria (.at), Belgium (.be) or Switzerland (.ch), then the worm mails itself with a message written in German.
The first time the worm executes, users see a bogus error message with the subject "Microsoft" and the text "
Bilingual worms are not new. In May, Fizzer-A used German, English and Dutch subject lines and messages to entice people into opening the attached worm. Sober-A also arrived with English or German subject lines and pretended to be a fix for a bogus worm.
The English message text should make most users suspicious, because English doesn't appear to be the creator's first language. Some messages offer free games; others warn recipients that their systems are insecure. Others purport to come from law enforcement agencies investigating software piracy.