New Sober Poses As Good Samaritan
Another version of the tenacious Sober mass-mailed worm blew onto the Internet as it tried to fool recipients into opening mail.
Another version of the tenacious Sober mass-mailed worm blew onto the Internet Tuesday as it tried to fool recipients into opening mail tagged as "I've_got your EMail on my_account!"
The worm, which spread quickly in the United Kingdom early Tuesday morning -- one security firm was reporting nearly 88,000 copies had hit U.K. businesses by 11 a.m. local time. Another listed it as the fifth-most common worm of the last 24 hours, beaten only by the even more pernicious Netsky and Zafi.
- Strengthen Organizational Agility with the Latest Advances in Case Management
- Accelerate Agility Now: WebSphere Application Server v8.5.5 Overview
- Altair Speeds Complex Simulation and Workload Management with the Intel' Xeon Phi Coprocessor
- How Virtualization is Key to Managing Risk
Like earlier Sober variants, this one -- dubbed Sober.m by some anti-virus vendors, Sober.n by others -- can appear in English or German, spreads by hijacking addresses from infected PCs, and bundles its payload in a compressed .zip file.
"Someone is sending your private e-mails on my address," Sober reads. "It's probably an e-mail provider error! I've got over 10 mails on my account, but the recipient are you. I have copied all the mail text in the windows text-editor for you & zipped then."
"The virus plays on people's desire to be a good net citizen," said Graham Cluley, a senior technology analyst with Sophos in a statement. "Anyone who receives a message like this may feel duty bound to open the attachment and investigate how their computer has been sending erroneous e-mail. But such good intentions could result in a nasty infection."
Sober.m/n also tries to disable Microsoft's AntiSpyware application, and its Malicious Software Removal Tool, which is an integral part of each month's security update from the Redmond, Wash.-based developer, and targets Sober among the malware it seeks out and destroys.
Most anti-virus firms listed the newest Sober as a medium, or lower, threat.