Sober.p is currently the most common malicious program found in email traffic
Sober.p is currently the most common malicious program found in email traffic
R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from vnunet.com
ADVERTISEMENT

Sober.p worm causes European epidemic

Latest mutant breaking records for rate of propagation

Robert Jaques, vnunet.com 04 May 2005
ADVERTISEMENT

The newly detected Sober.p mutant of the Win32.Sober worm has spread rapidly causing an "epidemic in western Europe", according to IT security experts.

Virus analysts at Kaspersky Lab reported that data from ISPs shows the worm to be the most common malicious program found in email traffic.

"Sober.p has broken records in terms of the number of infected messages sent out and the speed of propagation throughout western European segments of the internet, in The Netherlands, Germany and Hungary among others," Kaspersky Labs warned.

However, the number of messages which the security firm has received about Sober.p from Russian and Asian users has been "minimal".

Sober.p spreads as a .zip attachment in infected messages. The 53KB attachment contains a copy of the worm which unpacks itself. The message subject is chosen at random from a defined list, as is the message itself. Both may be in German.

The worm is activated when the user launches the attachment. It causes a fake error message to be displayed, 'CRC not complete', and then copies itself to the system directory, naming the copies as if they are system services.

Sober.p also creates copies of itself in other files, and adds these files to the system registry.

Once it has copied itself, the worm scans the victim machine for addresses to harvest, searching address books and a range of files including text files, PowerPoint files and databases. Sober.p then sends itself to the addresses collected from the infected machine.

More information about Sober.p can be found here.

Alert level raised on latest sober mutant
You've got mail, but be careful  19 Apr 2005
W32.Sober-K-mm on the loose
Mutant Sober worm spreading fast
Security firm intercepts 1,400 copies of latest mass-mailer variant  21 Feb 2005
Security
Security
The latest wave of cyber-crimes and acts of vandalism have demonstrated once again that many systems are still vulnerable to attack.  15 Apr 2004

All Enterprise Security Technology

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story
R E A D E R   C O M M E N T S
Post your comment Post your comment   What is this?

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
Information Services Manager
United Kingdom | Hackney Homes
Hackney Homes Information Services Manager £46,737 - £53,196 p.a. (pay award pending) You'd be hard put to find another such opportunity to join a young and vibrant organisation in such an influential role. We are ... more >
Development Team Leader / IT Specialist
Welwyn Garden City, Hertfordshire, United Kingdom | Tesco.com
Development Team Leader / IT Specialist - Welwyn Garden City Who's behind the world's most successful online retailer? Just over 10 years ago we started Tesco.com (aka Dotcom). Today, we've an incredible 750,000 active customers ... more >
Looking for a career in Web Design? Advent IT training is recognised by major companies worldwide...
United Kingdom | Advent Computer Training
Are you stuck in a dead end job? Do you want to take control of your salary, life and career? Advent IT and computer training offers advanced, professional training and helps you find the right ... more >
Business Analyst
Aylesbury, Buckinghamshire, United Kingdom | Grass Roots
Business Analyst - £35,000 - £50,000 + benefits - Aylesbury  Grass Roots are one of the Sunday Times Top 100 companies to work for (2007 and 2008). Established in 1980, we're part of the Grass ... more >
More job opportunities
Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site . Feedback . Contacts
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
Gizmodo the daily gadget blog: technology news and reviews
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
WebAct!ve what's happening on the web
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP % Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Top IT Employers 2005
Inquirer Jobs Software Engineer Jobs, firmware developer jobs, electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . vnunet.com
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503