Sober-F making the rounds

Shawna McAlearney, News Writer

Antivirus vendors are rushing to update signature files to detect a new Sober worm variant that is becoming widespread.

"I suspect the virus writers are launching these things from zombie computers or bot farms to get the 'instant spread,'" said Roger Thompson, vice president of product development at PestPatrol.

W32.Sober-F@mm travels as either a .pif or a .zip file and sends its message in either German or English depending on the domain of the e-mail address it's sent to.

The worm is ranked as a medium-level threat for corporate users. Sober-F adds files to the system folder and creates registry keys to execute on system boot. According to Santa Clara, Calif.-based Network Associates, "This worm is intended to spread by sending itself to e-mail addresses found on the local system. The worm does not use any exploits in order to execute the attachment automatically. The worm is difficult to find and hides from many antivirus scanners. "

Experts recommend filtering executable attachments -- .exe, .pif, .scr, .com, .bat, .vbs, .lnk, and .hta, among them -- at the gateway and disabling HTML in e-mail either by filtering at the e-mail perimeter or at the e-mail client.

    Requires Free Membership to View

NAI description

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: