Sober-ing Thought: New Worm Poses As Microsoft Patch - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

Sober-ing Thought: New Worm Poses As Microsoft Patch

Sober.d, discovered Monday, masquerades as a patch from Microsoft that purports to keep MyDoom at bay.

A new virus discovered Monday plays off fears generated by last week's wave of worms by masquerading as a patch from Microsoft that purportedly keeps MyDoom at bay.

Sober.d, also dubbed Roca.a by some security firms, arrives in an E-mail message with a subject that reads "Microsoft Alert: Please Read!" The worm also comes in a German flavor, with a matching headline of "Microsoft Alarm: Bitte Lesen!"

The message's text goes on to urge the recipient to open the attached file, which can arrive either as an executable or within a password-protected Zip archive. The attachment, claims the message, will protect the user's computer from a new variant of the MyDoom worm, and has other text that tries to pass itself off as coming from Microsoft, which never E-mails security updates.

If the recipient launches the attachment, the worm scans the PC to see if it's already infected. If not, Sober.d displays a dialog box titled "Windows Update --MS-Q4232361791-" with the message: "The patch has been successfully installed."

If the computer has been infected, the dialog's message changes to: "This patch does not need to be installed on this system," giving users an even greater false sense of security, said Ken Dunham, the director of malicious code research at iDefense, in an E-mail to TechWeb.

Sober.d isn't the first worm to pose as a security update from Microsoft. Last year's Swen outbreak, for instance, successfully used this trick to infect thousands of computers.

Anti-virus vendors reacted by updating their virus definitions to take the new Sober into account, and by bumping up alert levels. Network Associates, for instance, tagged Sober.d as a "medium" threat, while rival Symantec labeled it as a "2" in its 1-through-5 scale.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Slideshows
7 Technologies You Need to Know for Artificial Intelligence
Jessica Davis, Senior Editor, Enterprise Apps,  7/1/2019
Commentary
A Practical Guide to DevOps: It's Not that Scary
Cathleen Gagne, Managing Editor, InformationWeek,  7/5/2019
News
Data Science Salary Survey Reveals Market Shift
Jessica Davis, Senior Editor, Enterprise Apps,  6/27/2019
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll