Print
Discuss
Send to friend
RSS feedsThe newly detected Sober.p mutant of the Win32.Sober worm has spread rapidly causing an "epidemic in western Europe", according to IT security experts.
Virus analysts at Kaspersky Lab reported that data from ISPs shows the worm to be the most common malicious program found in email traffic.
"Sober.p has broken records in terms of the number of infected messages sent out and the speed of propagation throughout western European segments of the internet, in The Netherlands, Germany and Hungary among others," Kaspersky Labs warned.
However, the number of messages which the security firm has received about Sober.p from Russian and Asian users has been "minimal".
Sober.p spreads as a .zip attachment in infected messages. The 53KB attachment contains a copy of the worm which unpacks itself. The message subject is chosen at random from a defined list, as is the message itself. Both may be in German.
The worm is activated when the user launches the attachment. It causes a fake error message to be displayed, 'CRC not complete', and then copies itself to the system directory, naming the copies as if they are system services.
Sober.p also creates copies of itself in other files, and adds these files to the system registry.
Once it has copied itself, the worm scans the victim machine for addresses to harvest, searching address books and a range of files including text files, PowerPoint files and databases. Sober.p then sends itself to the addresses collected from the infected machine.
More information about Sober.p can be found here.
Security firm intercepts 1,400 copies of latest mass-mailer variant 21 Feb 2005
The latest wave of cyber-crimes and acts of vandalism have demonstrated once again that many systems are still vulnerable to attack. 15 Apr 2004All Enterprise Security Technology
del.icio.us
Digg this
reddit!
