Print
Discuss
Send to friend
RSS feedsA newly discovered variant of the mass-mailing Sober email worm is spreading rapidly and has already been spotted in the UK, according to MessageLabs.
The email security company said that it has intercepted 1,400 copies of W32.Sober-K-mm since 5am GMT this morning in Germany, France, the US and the UK.
Sober-K-mm sends itself as an attachment and creates random subject lines and body texts in either English or German, depending on the email addresses harvested by the worm.
It can also show a fake notice from antivirus vendors warning about a new version of the virus, and attempts to dupe users into clicking on the attachment which contains the worm by claiming that it contains a software patch.
But computer users who activate the file attached in the email invoke the virus, which harvests email addresses from the computer's hard drive.
Subject lines in the email may include 'Alert! New Sober worm', 'Paris Hilton Sex Videos', 'You visit illegal websites' and 'Your new Password'.
Once activated, Sober.K-mm drops several copies of executable files onto an infected computer with 'filenamescsrss.exe', 'winlogon.exe' and 'smss.exe'.
The worm modifies the registry key Software\Microsoft\Windows\CurrentVersion\Run so that it executes on startup. It then displays the contents of the file (systemdrive%/windows/temp/doc_data-text.txt) in notepad.
See also:
Promise of World Cup tickets hides deadly payload 03 May 2005
The advice remains the same: do not click on attachments 02 Mar 2005
BitDefender dismisses infection as work of Romanian student 21 Jan 2005
The latest wave of cyber-crimes and acts of vandalism have demonstrated once again that many systems are still vulnerable to attack. 15 Apr 2004All Enterprise Security Technology
del.icio.us
Digg this
reddit!
