Home > Security News > Sober-C worm speaks German
Security News:
EMAIL THIS

Sober-C worm speaks German

By Edward Hurley, News Writer
22 Dec 2003 | SearchSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

A new variant of the Sober worm emerged over the weekend and is spreading, primarily in German-speaking countries.

Antivirus vendor McAfee and e-mail filtering outsourcer MessageLabs Inc. said that 80% of Sober-C infections are coming from Germany. The mass-mailing worm does not carry a destructive payload, and it can send messages in either English or German.

McAfee has rated the worm as a medium risk. Antivirus software vendors Symantec Corp. and F-Secure Corp. each have it as a level 2 risk.

Sober-C is a straightforward mass mailer. It sends copies of itself as an attachment to an e-mail message and attaches with one of the following file extensions: .bat, .cmd, .pif, .scr, .exe and .com.

Administrators are urged to update their antivirus signatures and block the offending file extensions in order to avoid infection. Sober-C attacks systems running Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP.

The worm uses a variety of subject lines, message bodies and attachment names. It searches infected machines for e-mail addresses from a variety of files, including cached Web pages and Microsoft Word documents. If an address contains a domain that may be a German-speaking country, like Germany (.de), Austria (.at), Belgium (.be) or Switzerland (.ch), then the worm mails itself with a message written in German.

The first time the worm executes, users see a bogus error message with the subject "Microsoft" and the text " has caused an unknown error. Stop: 00000010x18".

Bilingual worms are not new. In May, Fizzer-A used German, English and Dutch subject lines and messages to entice people into opening the attached worm. Sober-A also arrived with English or German subject lines and pretended to be a fix for a bogus worm.

The English message text should make most users suspicious, because English doesn't appear to be the creator's first language. Some messages offer free games; others warn recipients that their systems are insecure. Others purport to come from law enforcement agencies investigating software piracy.



Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


More Tips to Secure Your Network
Focused on Channel Security?
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts