Guest Grim Reaper Posted October 27, 2003 Report Share Posted October 27, 2003 A new virus threat called Sober could be causing a few headaches today, according to antivirus researchers.The Sober worm, spotted in the last 12 hours, is a traditional attachment-based piece of malware that uses social engineering to trick people into activating its payload. In contrast with the Flea virus discovered last week, which so far appears to have failed to bite, Sober hides its code in an HTML email. Microsoft Outlook users can activate the payload just by opening the email."We haven't seen many reports of Flea at all," said Graham Cluley, senior analyst at antivirus specialist Sophos."Meanwhile the Sober worm has been around for a few hours and we've seen several reports of infections. It surfaced about midnight and is spreading through email systems as people log on and start checking their mail."Sober arrives as an email in English or German with the payload coming as an attachment. It uses a wide variety of headers, promising that the attachment contains everything from pornography to an antivirus patch.Once activated the malware installs itself as 'drv.exe', 'similare.exe' or 'systemchk.exe'. It then mails itself to any found addresses using its own SMTP engine. The outgoing emails have spoofed headers, which makes backtracking the virus source more difficult.The Sober worm has also been upgraded to the same threat level as Flea by antivirus firm F-Secure.Jason Holloway, general manager of F-Secure, said: "There's been some growth in Flea infections. Its method of propagation is quite unusual but it's no SoBig. "The way it was initially spread doomed it from the start - it started from a low infection base and we found a solution quickly."Information on the Sober worm can be found heresource: VU Net Quote Link to comment Share on other sites More sharing options...
expertec Posted October 27, 2003 Report Share Posted October 27, 2003 http://securityresponse.symantec.com/[email protected] Quote Link to comment Share on other sites More sharing options...
andsome Posted October 28, 2003 Report Share Posted October 28, 2003 This kind of thing makes it even more important to run a program like Mailwasher, even though you have an AV program. Spam is getting worse as far as I am concerned. I usually get up to about 40 each morning with a steady trickle arriving throughout the day. This morning there were 62 waiting on the server, some of which contained attachments. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.