We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Vendors warn of new Sober variants

Windows-based computers at risk

Yet more variants of the mass-mail Sober worm are making the rounds of the internet and could infect Windows-based computers, antivirus firms warned on Tuesday.

Both Kaspersky Lab and Symantec have detected worm variants. Kaspersky noted three variants of E-mail-Worm.Win32.Sober, which Symantec identified as W32.Sober.S@mm. Thus far, the variants present a low risk and haven't been widely distributed.

These are modifications of the same program, said Kaspersky, which is based in Moscow. A "large number of samples" of the variants have been intercepted in email traffic, indicating that the worms are spreading by spam containing infected messages, the firm said in a statement. The variants arrive as an attachment to infected messages.

The messages might not have a subject line or text, but can be identified by the attachment name. Attachments thus far identified include: Exceltab-packed_list.exe; Liste.zip; Reg-List-Dat_Packer2.exe; reg_text.zip; Word-Text.zip; Word-Text_packedList.exe; and Word-Text_packedList.zip.

The worm activates only if a computer user clicks on the attachment, which causes a false error message, 'WinZip Self-Extractor. WinZip_Data_Module is missing ~Error', to pop up, Kaspersky said. The worm variants copy themselves to the Windows system directory and then registers the files to the system registry so that the worm launches every time Windows is rebooted.

The worm uses its own SMTP (Simple Mail Transfer Protocol) engine to spread, Symantec said. Spam that it generates is in either English or German, said Symantec, which is based in California. Mass mailing of spam containing the worm could clog servers or degrade network performance. Instructions for removing the worm from infected systems can be found at Symantec's website, by clicking on the Sober variant listing under 'latest threats'.

As always, the antivirus companies advise that computer users exercise caution in opening attachments.

IDG UK Sites

LG G4 launch live blog: What to expect from the LG G4 launch

IDG UK Sites

Apple Watch release day: Twitter reacts

IDG UK Sites

Doctor Who scoops VFX gong at BAFTA TV Craft Awards

IDG UK Sites

Apple Watch buying guide, price list & where to buy today: Which Apple Watch model, size, material,?......