A new version of the Sober e-mail worm started spreading in Europe on Friday, according to antivirus suppliers, which have given the worm a mid-level threat rating.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Marius van Oers, an Amsterdam-based antivirus research engineer at McAfee, said the worm had spread to North America by the end of the day and was propagating there as well.
The Sober variant is called Sober.j by McAfee and Sober.i by F-Secure and Kaspersky Labs. This original worm first appeared in October last year.
The new worm sends itself as an attachment to German and English e-mail messages. Infected messages have various subjects and body texts. The worm is not activated until the recipient opens the attachment.
Once opened, a fake error message is displayed and the worm creates two files in the Windows directory. Like its predecessors, Sober.i spreads by skimming e-mail addresses from victims' computers, then mailing copies of itself to those addresses.
Van Oers said the two files made it harder to manually remove the worm from an infected system. Both files are loaded in system memory and when one is deleted the other will re-create it. Antivirus software is able to remove the worm.
Sober.i appears to do no damage to users' systems other than replicating itself. The worm does try to download software from a remote location, although Van Oers said the feature did not work when McAfee tested it. The worm does not install any keystroke loggers or backdoors into a user's system.
Joris Evers writes for IDG News Service