News

Sober.I Makes the Rounds

Another version of Sober is getting attention from the major security companies.

Identified primarily as the I variant of Sober, it is a mass-mailing worm with its own SMTP engine. Once it infects a computer, Sober.I harvests e-mail addresses from various files on the computer. Subject e-mail messages generated by Sober are in English or German, and the worm has been spreading primarily in the United States, Germany and Austria.

A user who activates the worm by clicking on the attachment sees a fake error message designed to fool the user into thinking the worm's payload did not run. The error message reads, "WinZip_Data_Module is missing~Error: {2A0DCCF6}."

Security vendor's assessment of the severity of Sophos.I's risk range from a high five-out-of-five rating by Sophos to a four-out-of-seven rating by Network Associates.

The Sober family is a little over a year old, getting its start with a worm that appeared in October 2003.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.