Kaspersky Labs: I-Worm Sober Breaks Out (Virus)

Posted in GD as a public service.

The poster is not an employee of, or in any way associated with Kaspersky Labs.
---

VirusList.com Virus Alerts & Virus News. Tuesday, October 28, 2003
******************************************************************

I-Worm Sober Breaks Out

The new Internet worm Sober masquerades as anti-virus software.

The Sober worm, first detected this past Saturday, is now surging in activity in connection with the beginning of the workweek.

Sober is a classic Internet worm that spreads via e-mail. Infected e-mail messages can have various body texts in English and in German; additionally the infected file attachment can have one of several file extensions (PIF, BAT, SCR, COM, EXE). All of this makes it significantly more difficult to identify from outside appearances.

Example of a message infected with the Sober:

Subject: New Sobig-Worm variation (please read)

Message body text: New Sobig variation in the net. You must change any settings before the worm control your computer! But, read the official statement from Norton Anti Virus!

Attachment name: NAV.pif

If the infected attachment is mistakenly opened the Sober worm is activated and proceeds to display a false error message:

File not complete!

The worm's body contains text strings in which its author expresses his admiration for the creator of another network worm, Sobig.

The defense against Sober has already been added to the anti-virus databases of reputable anti-virus software vendors. As always, computer users are advised to update their anti-virus software.

More detailed information about this malicious program can be found in the Kaspersky Virus Encyclopedia - http://www.viruslist.com/eng/viruslist.html?id=302666

also in case some of you don't have AV software.

www.avast.com

www.grisoft.com

Last I checked, both those companies had free individual user anti-virus programs.


TWL

:kick: