Sober.p is currently the most common malicious program found in email traffic
Sober.p is currently the most common malicious program found in email traffic
R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from vnunet.com

Free email newsletters




ADVERTISEMENT

Sober.p worm causes European epidemic

Latest mutant breaking records for rate of propagation

Robert Jaques, vnunet.com 04 May 2005
ADVERTISEMENT

The newly detected Sober.p mutant of the Win32.Sober worm has spread rapidly causing an "epidemic in western Europe", according to IT security experts.

Virus analysts at Kaspersky Lab reported that data from ISPs shows the worm to be the most common malicious program found in email traffic.

"Sober.p has broken records in terms of the number of infected messages sent out and the speed of propagation throughout western European segments of the internet, in The Netherlands, Germany and Hungary among others," Kaspersky Labs warned.

However, the number of messages which the security firm has received about Sober.p from Russian and Asian users has been "minimal".

Sober.p spreads as a .zip attachment in infected messages. The 53KB attachment contains a copy of the worm which unpacks itself. The message subject is chosen at random from a defined list, as is the message itself. Both may be in German.

The worm is activated when the user launches the attachment. It causes a fake error message to be displayed, 'CRC not complete', and then copies itself to the system directory, naming the copies as if they are system services.

Sober.p also creates copies of itself in other files, and adds these files to the system registry.

Once it has copied itself, the worm scans the victim machine for addresses to harvest, searching address books and a range of files including text files, PowerPoint files and databases. Sober.p then sends itself to the addresses collected from the infected machine.

More information about Sober.p can be found here.

Alert level raised on latest sober mutant
You've got mail, but be careful  19 Apr 2005
W32.Sober-K-mm on the loose
Mutant Sober worm spreading fast
Security firm intercepts 1,400 copies of latest mass-mailer variant  21 Feb 2005
Security
Security
The latest wave of cyber-crimes and acts of vandalism have demonstrated once again that many systems are still vulnerable to attack.  15 Apr 2004

All Enterprise Security Technology

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story
R E A D E R   C O M M E N T S
Post your comment Post your comment   What is this?

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
EA Integrator
Reading, Berkshire, United Kingdom | EDS
Position - EA Integrator Location - Reading Job Description: A skilled System Integrator to integrate application Test Harnesses to support business requirements. The Candidate will possess specific experience of enterprise systems, component validation and integrating ... more >
I.T Technical Specialist
Inverness, United Kingdom | NHS Scotland
CORPORATE SERVICES E-HEALTH DEPARTMENT  RAIGMORE HOSPITAL INVERNESS TECHNICAL DEVELOPMENT TEAM IT TECHNICAL SPECIALIST  £24,103 to £32,653 PA An exciting opportunity has arisen to join the technical development team within the eHealth Department. We are looking ... more >
Workstream Lead Requirement, Design, Build and Test (Business Analyst)
Sandiacre, Nottinghamshire, United Kingdom | NHS Midlands
Workstream Lead Requirement, Design, Build and Test (Business Analyst) Strategic IM&T - Delivery   Band 7:      £29,091 - £38,352 per annum Hours:       37.5 per week Base:         Octavia House, Sandiacre Job Ref:     973 - 080810   ... more >
Applications Access Integrator
Reading, Berkshire, United Kingdom | EDS
Job Description: A skilled System Integrator to integrate application hosting environments to support business requirements. The Candidate will possess specific experience of enterprise systems, component validation and integrating technical Infrastructures and system management facilities within ... more >
More job opportunities

Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site . Advertise
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
Gizmodo the daily gadget blog: technology news and reviews
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
WebAct!ve what's happening on the web
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP % Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Top IT Employers 2005
Inquirer Jobs Software Engineer Jobs, firmware developer jobs, electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . IT Week . vnunet.com
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503