Sober worm variant in the wild

McAfee has raised the risk assessment of the recently discovered W32/Sober.k@MM mass mailing worm, also known as Sober.k.

Sober.k was detected last night and is now spreading, McAfee said.

The worm arrives as a .zip file attached to e-mail and shares much of its functionality with its predecessor, W32/Sober.j@MM.

Sober.k contains its own SMTP engine to construct outgoing messages, which are written in German or English. It harvests addresses from local files on the user’s machine and then uses these addresses to send itself.

This produces messages with spoofed "From" addresses and .zip attachments that contain an executable file.

The filename contains a dual extension with the first extension being ".TXT", followed by many spaces and the second extension being ".PIF".

Users would need to manually extract the executable from the .zip file and run the attachment in order to be infected.
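A defender-side check for the filename trick described above, as an added example that is not part of the original article: it lists the members of a .zip attachment and flags names where a decoy extension is followed by whitespace padding and a real executable extension. The extension list, function names and sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Extensions Windows treats as directly runnable; an illustrative list, not exhaustive.
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd"}

# Decoy extension, a run of whitespace, then the real extension at the end of the name.
PADDED_DOUBLE_EXT = re.compile(r"(\.[A-Za-z0-9]{1,5})(\s+)(\.[A-Za-z0-9]{1,5})$")


def deceptive_members(zip_bytes):
    """Return (name, decoy_ext, real_ext) for archive members whose name hides
    an executable extension behind whitespace padding."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            # Only the final path component is shown to the user as the file name.
            name = info.filename.rsplit("/", 1)[-1]
            match = PADDED_DOUBLE_EXT.search(name)
            if match and match.group(3).lower() in EXECUTABLE_EXTS:
                findings.append((info.filename, match.group(1), match.group(3)))
    return findings


def build_sample(names):
    """Build an in-memory zip with harmless placeholder content (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed name following the pattern in the article: ".TXT", many spaces, ".PIF".
    padded = "document.TXT" + " " * 40 + ".PIF"
    sample = build_sample([padded, "notes.txt", "report.final.txt"])
    for name, decoy, real in deceptive_members(sample):
        print(f"suspicious: shown as {decoy!r}, really {real!r}: {name!r}")
```

A mail gateway or triage script can apply the same check to attachment bytes before delivery; the archive is only listed, never extracted.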
