Network World

New Sober variant tricks users in German

By Scarlet Pruitt, IDG News Service, 04/19/2005

A new Sober mass mailer worm is slithering its way around the 'Net and tricking users into opening attachments with clever messages in both English and German, anti-virus companies warned Tuesday.

W32.Sober.N@mm sends e-mail messages with the subject headers "I've_got your EMail on my_account!" and "FwD: Ich bin's nochmal" and carries attachments with names like your_text.zip, according to Helsinki security firm F-Secure. When opened, the attachment scans files on the infected computer to harvest e-mail addresses that enable the worm to spread.

Symantec also released an advisory on the Sober variant, rating its damage as "medium."

The worm was first reported at 2 a.m. CET, and has been spreading in Europe, particularly in German-speaking countries, according to Mikko Hyppönen, director of anti-virus research at F-Secure.

The body text for the English version begins "Hello, First, Very Sorry for my bad English. Someone is sending your private e-mails on my address." It then tells the recipient that 10 of their personal e-mails are attached in a zip file.

The message represents a clever bit of social engineering because it appears plausible, and in the case of the German versions, is in a local language, Hyppönen said. Most users are accustomed to receiving spam and viruses in English, he added.

The motive behind creating the worm is still unclear and F-Secure does not know the identity of the author, Hyppönen said.

It is difficult to tell how rapidly the worm is spreading because the author used computers infected with a previous version of Sober to launch the new variant and "get a head start," Hyppönen said.

The researcher believes that the author is based in Europe because Sober variants are always released very early in the morning European time, giving them a chance to spread before the anti-virus companies start their day.

F-Secure and Symantec both advised Internet users to update their anti-virus software to guard against the new worm.
