Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » New Sober variants

New Sober variants

by Nikola Strahija on November 17th, 2005 Anti virus firms warn that further variants of the Sober worm could still infect Windows-based computers. Kaspersky Lab and Symantec have recently detected worm variants of E-mail-Worm.Win32.Sober.


The variants are modifications of the same program, said Kaspersky. A vast number of samples of the variants have been intercepted in e-mail traffic, indicating that the worms are spreading by spam containing infected messages.

The messages might not have a subject line or text, but can be identified by the attachment name. The attachment names identified so far are: Exceltab-packed_list.exe; Liste.zip; Reg-List-Dat_Packer2.exe; reg_text.zip; Word-Text.zip; Word-Text_packedList.exe; Word-Text_packedList.zip.

The worm activates only if a computer user clicks on the attachment, which causes a false error message, "WinZip Self-Extractor. WinZip_Data_Module is missing ~Error," to pop up, Kaspersky said. The worm variants copy themselves to the Windows system directory and then registers the files to the system registry so that the worm launches every time Windows is rebooted.

The worm uses its own SMTP (Simple Mail Transfer Protocol) engine to spread, Symantec said. Spam that it generates is in either English or German, said Symantec. Instructions for removing the worm from infected systems can be found at Symantec's website.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »