Sober-F making the rounds

Antivirus vendors are rushing to update signature files to detect a new Sober worm variant that is becoming widespread.

Antivirus vendors are rushing to update signature files to detect a new Sober worm variant that is becoming widespread.

"I suspect the virus writers are launching these things from zombie computers or bot farms to get the 'instant spread,'" said Roger Thompson, vice president of product development at PestPatrol.

W32.Sober-F@mm travels as either a .pif or a .zip file and sends its message in either German or English depending on the domain of the e-mail address it's sent to.

The worm is ranked as a medium-level threat for corporate users. Sober-F adds files to the system folder and creates registry keys to execute on system boot. According to Santa Clara, Calif.-based Network Associates, "This worm is intended to spread by sending itself to e-mail addresses found on the local system. The worm does not use any exploits in order to execute the attachment automatically. The worm is difficult to find and hides from many antivirus scanners. "

Experts recommend filtering executable attachments -- .exe, .pif, .scr, .com, .bat, .vbs, .lnk, and .hta, among them -- at the gateway and disabling HTML in e-mail either by filtering at the e-mail perimeter or at the e-mail client.

NAI description

Dig deeper on Malware, Viruses, Trojans and Spyware

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close