[ news_security_news ]
Sobering Up To Users: Sober Clones On The Loose
John Stith
Staff Writer
2005-11-15
 Insider Reports RSS Feed
Variants on the Sober worm are circulating right now according to recent information from Moscow-based Kaspersky Lab. The worms are modifications of the original program, Email-Worm.Win32.Sober.
According to Kaspersky's information the variants, labeled Sober.u, Sober.v and Sober.w, arrive as attachments on infected messages. The attachment contains the body of the worm and is about 130KB in size. They said although the infected messages either have a random subject and text or none at all, they can be recognized by their attachment names:
Exceltab-packed_List.exe
Liste.zip
Reg-List-Dat_Packer2.exe
reg_text.zip
Word-Text.zip
Word-Text_packedList.exe
Word-Text_packedList.zip
Fortunately, the worm is only activated if the user clicks on the attachment. Once the worm wiggles, it causes a false error message, "WinZip Self-Extractor. WinZip_Data_Module is missing ~Error," to be displayed on the screen.
Kaspersky said the work copy's itself to the Windows system directory and then registers these files into the directory. This will make sure plenty of copies are available each time the machine is rebooted. It also wiggles out through the email addresses.
Remember not to open attachments and keep your definitions updated.
About the Author:
John is a staff writer for SecurityProNews covering cyber security.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
