Sober Sings the Praises of Sobig
- 29 October, 2003 12:01
<p>A new Internet worm lavishes praise on the author of Sobig while masquerading as anti-virus software</p>
<p>Kaspersky Labs, a leading expert in data security software development, warns about the start of a virus epidemic from the Sober Internet worm. Sober was first detected this past Saturday, but is now observed surging in activity in connection with the beginning of the working week.</p>
<p>Sober is a classic network worm that spreads via e-mail. Infected e-mail messages can have various body texts in English and in German; additionally the infected file attachment can have one of several file extensions (PIF, BAT, SCR, COM, EXE). All of this makes it significantly more difficult to identify from outside appearances.</p>
<p>An example of a message infected with Sober:</p>
<p>Subject:
New Sobig-Worm variation (please read)</p>
<p>Message body text:
New Sobig variation in the net.
You must change any settings before the worm control your computer!
But, read the official statement from Norton Anti Virus!</p>
<p>Attachment name:
NAV.pif</p>
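<p>Because the subject and body text vary, the attachment's file extension is the more stable thing to check at a mail gateway. The following is an added example, not part of the original advisory or any Kaspersky code: it flags MIME attachments whose final extension is one of those listed above. The function names, the sample addresses and the inert placeholder payload are assumptions constructed for illustration.</p>

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the advisory lists for Sober attachments.
BLOCKED_EXTENSIONS = {".pif", ".bat", ".scr", ".com", ".exe"}


def blocked_extension(filename):
    """Return the blocked extension of filename, or None if it is not blocked."""
    # Windows ignores trailing dots and spaces, so strip them before comparing,
    # and compare case-insensitively. Only the final extension decides how the
    # file is opened, which also covers double extensions such as "x.txt.scr".
    cleaned = filename.strip().rstrip(". ").lower()
    if "." not in cleaned:
        return None
    ext = "." + cleaned.rsplit(".", 1)[-1]
    return ext if ext in BLOCKED_EXTENSIONS else None


def risky_attachments(raw_message: bytes) -> list[str]:
    """Return the filenames of all MIME parts that carry a blocked extension."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if name and blocked_extension(name):
            hits.append(name)
    return hits


def build_sample(subject: str, body: str, attachment_name: str) -> bytes:
    """Build a constructed test message; the attachment is inert placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"      # constructed address
    msg["To"] = "recipient@example.com"     # constructed address
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample("New Sobig-Worm variation (please read)",
                          "New Sobig variation in the net.", "NAV.pif")
    print(risky_attachments(sample))
```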
<p>If the infected attachment is mistakenly opened, the Sober worm is activated and proceeds to display a false error message:</p>
<p>File not complete!</p>
<p>Using different file names, Sober creates three copies of itself in the Windows system directory and registers these copies in the system registry's auto-run key. Next, the worm launches its spreading routine: Sober first searches the victim computer for files that may contain e-mail addresses (file types such as HTML, WAB, EML and PST), and then clandestinely, under the guise of the computer owner, sends itself out to the e-mail addresses found.</p>
<p>The worm's body contains text strings in which its author expresses his admiration for the creator of another network worm, Sobig.</p>
<p>Protection against Sober has already been added to the Kaspersky Anti-Virus database. More detailed information about this malicious program can be found in the Kaspersky Virus Encyclopedia (http://www.viruslist.com/eng/viruslist.html?id=302666).</p>
<p>For further information on Kaspersky Labs and Kaspersky products, contact Raelene Forbes at sales@kaspersky.com.au.</p>