Sober.p is currently the most common malicious program found in email traffic
Sober.p is currently the most common malicious program found in email traffic
R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from vnunet.com
ADVERTISEMENT

Sober.p worm causes European epidemic

Latest mutant breaking records for rate of propagation

Robert Jaques, vnunet.com 04 May 2005
ADVERTISEMENT

The newly detected Sober.p mutant of the Win32.Sober worm has spread rapidly causing an "epidemic in western Europe", according to IT security experts.

Virus analysts at Kaspersky Lab reported that data from ISPs shows the worm to be the most common malicious program found in email traffic.

"Sober.p has broken records in terms of the number of infected messages sent out and the speed of propagation throughout western European segments of the internet, in The Netherlands, Germany and Hungary among others," Kaspersky Labs warned.

However, the number of messages which the security firm has received about Sober.p from Russian and Asian users has been "minimal".

Sober.p spreads as a .zip attachment in infected messages. The 53KB attachment contains a copy of the worm which unpacks itself. The message subject is chosen at random from a defined list, as is the message itself. Both may be in German.

The worm is activated when the user launches the attachment. It causes a fake error message to be displayed, 'CRC not complete', and then copies itself to the system directory, naming the copies as if they are system services.

Sober.p also creates copies of itself in other files, and adds these files to the system registry.

Once it has copied itself, the worm scans the victim machine for addresses to harvest, searching address books and a range of files including text files, PowerPoint files and databases. Sober.p then sends itself to the addresses collected from the infected machine.

More information about Sober.p can be found here.

Alert level raised on latest sober mutant
You've got mail, but be careful  19 Apr 2005
W32.Sober-K-mm on the loose
Mutant Sober worm spreading fast
Security firm intercepts 1,400 copies of latest mass-mailer variant  21 Feb 2005
Security
Security
The latest wave of cyber-crimes and acts of vandalism have demonstrated once again that many systems are still vulnerable to attack.  15 Apr 2004

All Enterprise Security Technology

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story
R E A D E R   C O M M E N T S
Post your comment Post your comment   What is this?

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
Systems and Development Support Officer
New Cross, London, United Kingdom | Goldsmiths College
Systems and Development Support Officer, Up to £36,277 pa incl, New Cross, London Working within the Department of IT Services, you will be assisting in the management and development of our central server resources. This ... more >
Administrative Computing Unit- Programmer/Analyst (Content Management System)
United Kingdom | Swansea University
Programmer/Analyst (Content Management System), £25,135 - £28,290 pa Administrative Computing Unit   Joining an established team your role is to develop and enhance the University's use of the Terminal-Four Content Management System. Working closely with technical ... more >
Senior Business Intelligence (BI) Consultant
London, United Kingdom | Calumo Group
CALUMO Group is a leading provider of Business Intelligence and Performance Management solutions.    We work in partnership with our clients to help them improve their Planning, Budgeting and Reporting Processes.  Clients include Ernst & ... more >
Website Content Manager
London, United Kingdom | Kings College London
Website Content Manager - Mental Health Care Department of Psychology/Computing and Knowledge Management This is a unique opportunity for someone who can combine their talents as a web editor with an excellent ability to communicate ... more >
More job opportunities
Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site . Feedback . Contacts
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
Gizmodo the daily gadget blog: technology news and reviews
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
WebAct!ve what's happening on the web
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP % Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Top IT Employers 2005
Inquirer Jobs Software Engineer Jobs, firmware developer jobs, electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . IT Week . vnunet.com
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503