‘Sober’ worm strikes email

3 Nov 2003

Posing as an update from antivirus vendors amongst other strategies, Sober tries to trick users into opening tainted email. According to experts many different versions of Windows are vulnerable to the new virus. Sober also tries to hide itself by using different subject lines in both English and German and by changing the name of the file holding the virus.

The virus sometimes looks like a warning to email users that they are sending out email messages that are infected with the virus. Sober also reuses subject lines seen in older viruses.

It is understood that Sober travels with its own email engine so that it can send itself to any addresses it harvests from computers that it has succeeded in infecting.

The virus is understood to be spreading most widely in Germany but is also starting to turn up in the UK where Message Labs says it has stopped under 3,500 copies of Sober since the weekend.

Operating systems that are vulnerable to the worm attack are Windows 2000, 95, 98, Me, NT Server 2003 and XP.

Once an unsuspecting computer user opens the attached virus, a false error message is displayed that makes the user think that they have avoided infection. Hidden inside the body of the virus is text that praises the creator of the Sobig worm that spread in August. The Sobig worm was the fastest spreading worm in history with more than 200 million emails sent over the internet by infected computers, causing millions of euro worth of damage.

Security stats & facts

One out of every 10 laptops computers is stolen within the first 12 months of purchase and 90pc of them are never be recovered. (US Federal Bureau of Investigation annual statistics)

2,900 laptops, 1,300 personal digital assistants and 62,000 mobile phones were left in London taxis in six-month period. (The Encyclopaedia of Computer Security)

In October, the private data of 120,000 Canadians was lost in PC theft. According to NationalPost.com, government insiders say the theft is the “biggest loss” of personal information in Canadian history

Some 73pc of companies do not have a specific security policy for mobile devices such as laptops. (Entropy computer security)

Please visit our sponsors: CheckPoint : Entropy