McAfee has raised the risk assessment of the recently discovered W32/Sober.k@MM mass mailing worm, also known as Sober.k.
Sober.k was detected last night and is now spreading, McAfee said.
The worm arrives as a .zip file attached to e-mail and has many of the same functionalities as its W32/Sober.j@MM predecessor.
Sober.k contains its own SMTP engine to construct outgoing messages, which are written in German or English. It harvests addresses from local files on the user’s machine and then uses these addresses to send itself.
This produces messages with spoofed "From" addresses and .zip attachments that contain an executable file.
The filename has a double extension: the first extension is ".TXT", followed by many spaces, and the second extension is ".PIF".
Users would need to manually extract the executable from the .zip file and run the attachment in order to be infected.
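A mail-gateway style check for the naming trick described above, added here as an example (it is not McAfee's code or a signature for Sober.k): it lists the members of a .zip attachment and flags names where a decoy extension is followed by padding and an executable extension. The extension set, function names and sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Final extensions Windows will run directly; an assumed, non-exhaustive set.
EXECUTABLE_EXTS = {"pif", "exe", "scr", "com", "bat", "cmd"}

# name.<decoy ext><optional run of whitespace>.<real ext>
PADDED_DOUBLE_EXT = re.compile(
    r"\.([A-Za-z0-9]{1,5})(\s*)\.([A-Za-z0-9]{1,5})\s*$"
)

def suspicious_members(zip_bytes):
    """Return (name, reason) for members whose name hides or carries an executable extension."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [("<archive>", "not a readable zip")]
    findings = []
    with archive:
        for info in archive.infolist():
            # Judge only the final path component, whatever separator was stored.
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            m = PADDED_DOUBLE_EXT.search(base)
            if m and m.group(3).lower() in EXECUTABLE_EXTS:
                pad = len(m.group(2))
                kind = "padded double extension" if pad else "double extension"
                findings.append(
                    (base, f"{kind}: .{m.group(1)} + {pad} spaces + .{m.group(3)}")
                )
            elif "." in base and base.rsplit(".", 1)[-1].lower() in EXECUTABLE_EXTS:
                findings.append((base, "executable inside archive"))
    return findings

def build_sample():
    """Constructed sample archive; member names and contents are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("notes.txt", "harmless")
        z.writestr("document.TXT" + " " * 40 + ".PIF", "placeholder, not a program")
        z.writestr("setup.exe", "placeholder, not a program")
        z.writestr("report.v2.txt", "harmless")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in suspicious_members(build_sample()):
        print(repr(name), "->", reason)
```

Printing the name with `repr` makes the run of spaces visible, which is the part a file listing truncates and the user never sees.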