Sober worm variant in the wild


Antony Savvas

McAfee has raised the risk assessment of the recently discovered W32/Sober.k@MM mass mailing worm, also known as Sober.k.

Sober.k was detected last night and is now spreading, said McAfee.

The worm arrives as a .zip file attached to e-mail and shares much of the functionality of its predecessor, W32/Sober.j@MM.

Sober.k contains its own SMTP engine to construct outgoing messages, which are written in German or English. It harvests addresses from local files on the user’s machine and then uses these addresses to send itself.

This produces messages with spoofed "From" addresses and .zip attachments that contain an executable file inside.

The filename contains a dual extension with the first extension being ".TXT", followed by many spaces and the second extension being ".PIF".

Users would need to manually extract the executable from the .zip file and run the attachment in order to be infected.
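A defender-side check for the naming trick described above, as an added example that is not part of the original article: it scans a zip's member names for a decoy extension, a run of spaces and an executable extension. The extension lists beyond .TXT and .PIF, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumed lists for illustration; the article itself names only .TXT and .PIF.
DECOY_EXTS = {"txt", "doc", "pdf", "jpg"}
EXEC_EXTS = {"pif", "exe", "scr", "com", "bat", "cmd"}

# ".<ext1><optional whitespace run>.<ext2>" anchored at the end of the name.
DOUBLE_EXT = re.compile(r"\.([A-Za-z0-9]{1,5})(\s*)\.([A-Za-z0-9]{1,5})\s*$")


def disguised_executable(name):
    """Return (decoy_ext, padding_len, exec_ext) if the name hides an
    executable extension behind a document-like one, else None."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]  # drop any directory part
    m = DOUBLE_EXT.search(base)
    if not m:
        return None
    decoy, padding, real = m.group(1).lower(), m.group(2), m.group(3).lower()
    if decoy in DECOY_EXTS and real in EXEC_EXTS:
        return (decoy, len(padding), real)
    return None


def scan_zip(data):
    """Scan a zip archive (bytes) and list members with disguised names."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            hit = disguised_executable(info.filename)
            if hit:
                findings.append((info.filename,) + hit)
    return findings


def build_sample_zip():
    """Constructed sample: harmless bytes stored under test names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", b"benign")
        zf.writestr("report.v2.txt", b"benign")
        zf.writestr("document.txt" + " " * 40 + ".pif", b"placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    for name, decoy, pad, real in scan_zip(build_sample_zip()):
        print("flag: .%s + %d spaces + .%s in %r" % (decoy, pad, real, name))
```

The padding length is reported because a long run of spaces pushes the real extension out of view in a narrow file listing, which makes it a stronger signal than a plain double extension.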

