Sober worm variant in the wild


Antony Savvas

McAfee has raised the risk assessment of the recently discovered W32/Sober.k@MM mass mailing worm, also known as Sober.k.

Sober.k was detected last night and is now spreading, said McAfee.

The worm arrives as a .zip file attached to e-mail and has many of the same functionalities as its W32/Sober.j@MM predecessor.

Sober.k contains its own SMTP engine to construct outgoing messages, which are written in German or English. It harvests addresses from local files on the user’s machine and then uses these addresses to send itself.

This produces messages with spoofed "From" addresses and .zip attachments that contain an executable file inside.

The filename contains a dual extension with the first extension being ".TXT", followed by many spaces and the second extension being ".PIF".

Users would need to manually extract the executable from the .zip file and run the attachment in order to be infected.
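
A gateway-style check for the filename pattern described above, as an added example that is not part of the original article: it lists the members of a .zip and flags names where a harmless-looking extension is followed by optional space padding and an executable extension. Only ".TXT" and ".PIF" come from the article; the other extensions, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Extensions Windows runs directly; ".pif" is the one named in the article,
# the others are assumptions added for broader coverage.
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd"}
# Harmless-looking decoys; ".txt" is from the article, the rest are assumptions.
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg"}

# <decoy extension><optional whitespace><real extension> at the end of the name
DOUBLE_EXT = re.compile(r"(\.[A-Za-z0-9]{1,4})(\s*)(\.[A-Za-z0-9]{1,4})\s*$")

def classify_member(name):
    """Return a finding string for a suspicious archive member name, else None."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    m = DOUBLE_EXT.search(base)
    if not m:
        return None
    decoy, padding, real = m.group(1).lower(), m.group(2), m.group(3).lower()
    if real not in EXECUTABLE_EXTS or decoy not in DECOY_EXTS:
        return None
    if padding:
        return f"padded double extension: {decoy} + {len(padding)} spaces + {real}"
    return f"double extension: {decoy}{real}"

def scan_zip(data):
    """Map each suspicious member name in a .zip (given as bytes) to its finding."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            result = classify_member(info.filename)
            if result:
                findings[info.filename] = result
    return findings

def build_sample_zip(names):
    """Build an in-memory .zip with harmless placeholder content (constructed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed member names; the second mimics the padded ".TXT ... .PIF" form.
    sample = build_sample_zip(["notes.txt", "report.txt" + " " * 40 + ".pif"])
    for member, finding in scan_zip(sample).items():
        print(repr(member), "->", finding)
```

The check inspects only the archive's file listing, so nothing is extracted or executed.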
