New SoberD worm preys on user paranoia
Posted on 8 Mar 2004 at 16:36
Computer users may feel they are already reeling from the current spate of viruses, particularly the many-headed MyDoom, Netsky and Bagle variants. But now there is a new concern: following in the wake of the virulent Sober-C comes a new Sober variant.
Spreading via email, the worm pretends to be a security update from Microsoft in the hope that recipients of infected emails will execute the attachment. The file purports to be a fix for the MyDoom virus. The email arrives with a subject line of 'Microsoft Alert: Please Read!' and its message text begins: New MyDoom Virus Variant Detected!
Copying itself into the Windows system folder under a variety of random names, it also adds a number of data files to the directory (such as mslogs32.dll and wintmpx33.dat). A message box will appear when infection is first activated, displaying: 'This patch has been successfully installed.'
As always, however, users should beware email attachments claiming to be security fixes. Official security notifications will always redirect a user to the company's website, from which any authorised updates can then be downloaded.
'This latest incarnation of the Sober worm seems to be preying on the current paranoia about email security,' said Graham Cluley, senior technology consultant at Sophos. 'The last couple of weeks has seen an endless stream of new viruses spreading in the wild including two variants of the MyDoom worm. But computer users shouldn't be tricked into trusting security fixes which arrive via email - the only place from which to download a patch is from the appropriate vendor's website.'
As with Sober-C, the worm is bilingual: if it is being sent to a German email address, it presents itself in German instead of English.
Sophos also calls the worm 'Roca-A'; more information about it is available on the anti-virus company's website.
