Printed from www.pcpro.co.uk
Sober virus outbreak springs six variants
Posted on 16 Nov 2005 at 13:01
New versions of the bi-lingual Sober worm have been spammed out in the last few hours, as predicted by the Bavarian Police.
On Monday the Bavarian Police issued a statement warning that they had information on an outbreak planned for the following day.
The author of the Sober worm, which uses either German or English text, depending on the domain of the recipient, is widely believed to be German. However, he or she remains at large. The police force said its information came from a year-long investigation tracking down the Sober author.
Finnish security experts F-Secure said they counted four fresh variants in four hours on Tuesday evening, one of which matched the description (in terms of subject and message texts) supplied by the Bavarian Police. And within 24 hours the firm had detected a further two variants.
Russian security company Kaspersky also confirmed the outbreak, with variants of Sober from U to Z now added to the list.
As well as standard worm behaviour such as mailing itself on to other email addresses found on the victim's computer, the virus also installs a back door allowing remote access to the machine.
Kaspersky notes that the variants also install a tool - PSWTool.PassView.162 - which logs passwords entered through Internet Explorer and Outlook. It says it suspects that the attacker will download code to allow the virus to transmit those passwords back.
The most likely reason behind this is that having that mechanism in place to begin with would alert the security industry as to the destination these passwords, which would result in the IP address of the receiving system being quickly shut down.
The new variants display characteristics such as the following:
Subject: Registration Confirmation
Body: Thanks for your registration. Your data are saved in the zipped Word.doc file!
Attachment: registration.zip
Computer users should ensure their antivirus software is up to date with the latest definitions.
Author: Matt Whipp
advertisement
- Why Britain's watchdogs have fewer teeth than goldfish
- Tabbed documents: how to make Office 2010 great
- Outlook 2010 People Pane – does it spell death to Xobni
- Microsoft Outlook 2010 screenshots
- Co-Authoring in Word 2010 and SharePoint Foundation 2010
- Microsoft Outlook 2010 screenshots: Backstage view
- Flash 10.1: Developing for Desktop and Device
- Microsoft Office 2010 screenshots: Recover unsaved items
- Microsoft Word 2010 screenshots: Text Effects
- Microsoft Word 2010: inserting screenshots
- Avira Premium Security Suite 9
- ZoneAlarm Internet Security Suite
- Webroot Internet Security Essentials
- Trend Micro Internet Security
- PC Tools Internet Security 2009
- Panda Internet Security 2009
- Norton Internet Security 2009
- Kaspersky Internet Security 2009
- F-Secure Internet Security 2009
- Eset Smart Security
- BitDefender Total Security 2009
advertisement
