To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/malware/0,3800003100,39154283,00.htm

Virus alert: Sober trio in the wild
New variants can disable antivirus software...

By Greg Sandoval

Published: Wednesday 16 November 2005

There are at least three new variants of the Sober worm spreading across the internet via email messages. The viruses are activated once a user clicks on an infected attachment.

The new variants of Sober, a worm that first appeared in 2003, are capable of disabling antivirus programs, according to Finland-based company F-Secure.

Antivirus company Kaspersky Labs said on its website that large numbers of infected emails have been intercepted. This confirms, said the company, the epidemic was caused by spamming. Kaspersky Labs identified the variants as Sober.u, Sober.v, and Sober.w.

Internet security officials in Germany warned on Monday of a possible Sober attack. In recent months, Sober has been used in that country to spread rightwing propaganda.

Last month, a variant of the Sober worm was spread as an attachment that claimed to be an old class photo sent by a schoolmate.

Sober can hijack a Windows-based computer and force it to send spam emails. The continuous emailing can lead to overloaded servers and reduced network performance.

Security firms cautioned computer users to be careful when opening attachments. Infected messages may have a random subject line or none at all, according to Kaspersky Labs.

But the attachments can be recognized by their names: Exceltab-packed_List.exe; Liste.zip and Reg-List-Dat_Packer2.exe; reg_text.zip Word-Text.zip; Word-Text_packedList.exe; and Word-Text_packedList.zip.

The virus creators appeared to taunt security experts with a message left in the code which reads: "Use your debuggers, it's fun."

Greg Sandoval writes for CNET News.com