News

Sober.I Makes the Rounds

Another version of Sober is getting attention from the major security companies.

Identified primarily as the I variant of Sober, it is a mass-mailing worm with its own SMTP engine. Once it infects a computer, Sober.I harvests e-mail addresses from various files on the computer. Subject e-mail messages generated by Sober are in English or German, and the worm has been spreading primarily in the United States, Germany and Austria.

A user who activates the worm by clicking on the attachment sees a fake error message designed to fool the user into thinking the worm's payload did not run. The error message reads, "WinZip_Data_Module is missing~Error: {2A0DCCF6}."

Security vendor's assessment of the severity of Sophos.I's risk range from a high five-out-of-five rating by Sophos to a four-out-of-seven rating by Network Associates.

The Sober family is a little over a year old, getting its start with a worm that appeared in October 2003.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured