Sober Virus Strike Again

By Jeff Thenet

Yet another time! The popular Sober worm virus is striking again. This Sober variant (CME-681), has been discovered on November 21, 2005. In December 2005, this virus accounts for 50% of the PC infection. Some anti-virus companies says that from 1 to 3 emails out of 10 are currently infected with this Sober variant. It affects system running Windows 98, ME, NT, 2000, XP and Server 2003.

Sober propagates though email in English and German languages. The email promises Paris Hilton pictures or worst spoof the Federal Bureau of Investigation (FBI) or Central Intelligence Agency (CIA), informing the user that the agency has found evidence that the user supposedly visited illegal Web sites and asking her to open the attached program. This virus can stop some processes that include the name sober and also the Microsoft Windows Malicious Software Removal Tool process.

The bad news is that this worm will start to download after January 5, 2006 some other malicious code.

It’s hard to detect and you should run a removal tool even if you have an up-to-date Anti-Virus on your computer. You can find one Symantec there: http://securityresponse.symantec.com/avcenter/FixSbr.exe

This Sober variant is identified CME-681 by the Common Malware Enumeration and with all those others aliases:

CA: Win32.Sober.W
F-Secure: Sober.Y
Kaspersky: Email-Worm.Win32.Sober.y
McAfee: W32/Sober@MM!M681
Norman: W32/Sober.AA@mm
Panda: W32/Sober.AH.worm
Sophos: W32/Sober-Z
Symantec: W32.Sober.X@mm
Trend Micro: WORM_SOBER.AG

 

Jeff Thenet is an Internet Security expert focussed on helping family to be safe online.

 

Sober Virus Strike Again

 

 
Web homenetworksecurity.info

 

 

arrow
magnify
faq
keys
software
contact

 

Online reference for home network security and family safety using broadband Internet access
http://HomeNetworkSecurity.info 2001-2007