CRMBuyer.com

Sober Worm Back with Trickier Message


A new version of the Sober worm is spreading rapidly around the Web, this one with a twist. Called Sober-M or Sober-N by various security companies, it uses an e-mail in poorly worded English to try to convince recipients that their e-mail is being diverted to the alleged sender.

The subject of the infected messages is "I've_got your e-mail on my_account!" The infected .zip file is commonly named "your_text.zip." There is also a German version with the subject "FwD: Ich bin's nochmal."
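For mail administrators, the subject lines and attachment name reported above can be checked at the gateway. The following is an added example, not code from the article or from any antivirus vendor; the function names and sample addresses are assumptions, and because the attachment is only "commonly" named this way, a match is a triage signal rather than a verdict.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the article, lower-cased for comparison.
SOBER_SUBJECTS = {
    "i've_got your e-mail on my_account!",
    "fwd: ich bin's nochmal",
}
SOBER_ATTACHMENT = "your_text.zip"


def sober_indicators(raw: bytes) -> list[str]:
    """Return which of the article's indicators a raw message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    # policy.default decodes RFC 2047 encoded-words, so an encoded
    # subject is compared in its decoded form. Whitespace is collapsed
    # and case is ignored to tolerate folding and re-capitalisation.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in SOBER_SUBJECTS:
        hits.append("subject")
    # Walk every MIME part so a nested attachment is also inspected.
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name == SOBER_ATTACHMENT:
            hits.append("attachment-name")
            break
    return hits


def build_sample(subject: str, filename: str) -> bytes:
    """Constructed test message; the attachment is harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"   # hypothetical address
    m["To"] = "rcpt@example.com"       # hypothetical address
    m["Subject"] = subject
    m.set_content("constructed sample body")
    m.add_attachment(b"not a real archive", maintype="application",
                     subtype="zip", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    raw = build_sample("I've_got your e-mail on my_account!", "your_text.zip")
    print(sober_indicators(raw))
```

Messages that match can be quarantined for scanning with current virus definitions, which remains the control the security companies recommend.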

Two Languages More Effective

The two different languages add more credibility to the e-mail, one security analyst said.

"This is an interesting facet of the worm; the use of regional settings is a novel approach for this type of malware as usually we see only English as the language used for propagation," SecurityCurve President Ed Moyle told TechNewsWorld.

"Using the native language of the sender increases the efficacy of the 'social engineering' aspect of the malware -- in other words, the worm banks on the fact that people are more likely to open and run a file addressed to them in their native language."

The worm is spreading in Europe; by this morning there had been 88,000 reports of infections in England alone. If the attachment is opened, it will scan files on the infected computer looking for e-mail addresses and then report them back to the worm's author. E-mail addresses can be sold to spammers.

Not as Malicious

"This malware is not quite as damaging as some of the others that we've seen recently; for example, based on the reports from the antivirus vendors, there aren't any listening ports established and it doesn't delete files," Moyle said.

"It collects e-mail addresses from the infected machines, disables previous variants of Sober, and installs itself so that it will run again when the machine is restarted. Mostly, the emphasis of this worm seems to be on propagation and e-mail collection. It appears to be fairly successful in both endeavors given the propagation rate that we're seeing," he continued.

Security companies recommend updating virus definitions to prevent infection.

Moyle said mass-mailers such as Sober will probably become less of a nuisance in the future.

"I think as scanning technologies progress, as e-mail clients become more restrictive about executable content, and as users become more educated, that we will see fewer mass-mailers over the long-term," he said.


By Susan B. Shor

