Sober-C worm speaks German

Edward Hurley, News Writer

A new variant of the Sober worm emerged over the weekend and is spreading, primarily in German-speaking countries.

Antivirus vendor McAfee and e-mail filtering outsourcer MessageLabs Inc. said that 80% of Sober-C infections are coming from Germany. The mass-mailing worm does not carry a destructive payload, and it can send messages in either English or German.

McAfee has rated the worm as a medium risk. Antivirus software vendors Symantec Corp. and F-Secure Corp. each have it as a level 2 risk.

Sober-C is a straightforward mass mailer. It sends copies of itself as an e-mail attachment with one of the following file extensions: .bat, .cmd, .pif, .scr, .exe and .com.

Administrators are urged to update their antivirus signatures and block the offending file extensions in order to avoid infection. Sober-C attacks systems running Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP.
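One way to apply the extension block at a mail gateway, shown as an added example that is not from the article or from any vendor named in it. The function name, the sample addresses and the constructed test message are assumptions; only the extension list comes from the article.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the article lists for Sober-C attachments.
BLOCKED_EXTENSIONS = {".bat", ".cmd", ".pif", ".scr", ".exe", ".com"}


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return normalized filenames of parts whose final extension is blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    # walk() also descends into nested multipart and forwarded messages.
    for part in msg.walk():
        name = part.get_filename()  # falls back to the Content-Type name parameter
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so "game.exe." still runs
        # as an .exe; normalize before looking at the extension.
        cleaned = name.strip().rstrip(". ").lower()
        dot = cleaned.rfind(".")
        # Only the last extension matters: "report.doc.pif" executes as .pif.
        if dot != -1 and cleaned[dot:] in BLOCKED_EXTENSIONS:
            hits.append(cleaned)
    return hits


def build_sample() -> bytes:
    """Constructed test message with placeholder content (not a worm sample)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    for fname in ("Report.doc.PIF", "notes.txt", "game.exe."):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```
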

The worm uses a variety of subject lines, message bodies and attachment names. It searches infected machines for e-mail addresses in a variety of files, including cached Web pages and Microsoft Word documents. If an address contains a domain that may belong to a German-speaking country, like Germany (.de), Austria (.at), Belgium (.be) or Switzerland (.ch), then the worm mails itself with a message written in German.

The first time the worm executes, users see a bogus error message with the subject "Microsoft" and the text " has caused an unknown error. Stop: 00000010x18".

Bilingual worms are not new. In May, Fizzer-A used German, English and Dutch subject lines and messages to entice people into opening the attached worm. Sober-A also arrived with English or German subject lines and pretended to be a fix for a bogus worm.

The English message text should make most users suspicious, because English doesn't appear to be the creator's first language. Some messages offer free games; others warn recipients that their systems are insecure. Others purport to come from law enforcement agencies investigating software piracy.

