Sober-L has a 'lock' on computers

A new variant imposes itself in memory and rewrites registry keys, which means this threat, currently rated low, carries high damage potential.

Several antivirus firms said Monday that a new member of the Sober worm family is in the wild. Sober-L is much like its predecessors, with one key difference:

"It locks itself in your computer's memory and rewrites the registry key," said Andrew Lee, chief technology officer for San Diego-based Eset. "Once it's in memory, you can't detect it. It hides itself very well and is extremely hard to clean."

Lee said his firm has gotten reports mostly from Germany and Spain. But there have also been sightings in the United States and elsewhere. "It's very widespread in Germany right now, and there are pockets in other countries," he said.

Lynnfield, Mass.-based Sophos said Sober-L is much like its predecessors, using e-mail attachments to spread and targeting Windows systems. According to the company's advisory, the latest variant:

The firm issued an alert Monday afternoon saying it had received "several reports" of the worm in the wild.

Tokyo-based Trend Micro had also gotten a number of infection reports Monday afternoon. In its advisory, the company said the overall threat was low for now but that the damage and distribution potential was high.
