Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Sober Sings the Praises of Sobig

29 October, 2003 12:01

A new Internet worm lavishes praise on the author of Sobig while masquerading as anti-virus software
Kaspersky Labs, a leading expert in data security software development, warns about the start of a virus epidemic from the Sober Internet worm. Sober was first detected this past Saturday, but is now observed surging in activity in connection with the beginning of the working week.
Sober is a classic network worm that spreads via e-mail. Infected e-mail messages can have various body texts in English and in German; additionally the infected file attachment can have one of several file extensions (PIF, BAT, SCR, COM, EXE). All of this makes it significantly more difficult to identify from outside appearances.
An example of a message infected with the Sober:
Subject:
New Sobig-Worm variation (please read)
Message body text:
New Sobig variation in the net.
You must change any settings before the worm control your computer!
But, read the official statement from Norton Anti Virus!
Attachment name:
NAV.pif
If the infected attachment is mistakenly opened, the Sober worm is activated and proceeds to display a false error message:
File not complete!
Using different file names, Sober creates three copies of itself in the Windows system directory, and registers these copies in the system registry's auto-run key. Next, the worm launches its spreading routine in which Sober first searches victim computers for files that may contain e-mail addresses (such as HTML, WAB, EML, PST, etc. file types), and then clandestinely, under the guise of the computer owner, sends itself out to the e-mail addresses found.
The worm's body contains text strings in which its author expresses his admiration for the creator of another network worm, Sobig.
The defense against Sober has already been added to the Kaspersky Anti-Virus database. More detailed information about this malicious program can be found in the Kaspersky Virus Encyclopedia (http://www.viruslist.com/eng/viruslist.html?id=302666).
For further information on Kaspersky Labs and kaspersky products, contact Raelene Forbes sales@kaspersky.com.au

Got more on this story? Email Computerworld
Follow Computerworld on twitter

Latest News

09:47AM: Dropbox launches product suite in response to booming gig economy
03:00PM: PCs still pack a punch as global device market prepares to hit 2.35B units
12:01PM: ASI Solutions chases new business with Karl Sice hire
10:15AM: Unisys lands $77.7M Dept of Immigration deal
: More News

25 Oct: ARN Platinum Club Lunch 2017
07 Nov: The 2017 Dicker Data & ARN Melbourne Cup
24 Nov: WIICTA 2017
18 Oct: Synology 2018 Sydney Annual User Event -- Join now!
24 Oct: Alloys Roadshow SA & WA 2017
25 Oct: NowForum Sydney: ServiceNow’s flagship event, ICC, 25 October 2017; View all events

Sober Sings the Praises of Sobig

Latest News

ASI Solutions chases new business with Karl Sice hire

Revealing the biggest lies told in the channel

ARN Events

Industry Events

Featured

Women in ICT Awards

ARN ICT Industry Awards

EDGE 2017

Emerging Leaders 2017