Panda Software Reports the Appearance of the Sober.A Worm

PandaLabs has detected a new worm called Sober.A (W32/Sober.A.worm), and has begun to receive reports of incidents. This new malicious code is designed to spread rapidly via e-mail.

Sober.A reaches victims’ computers in an e-mail with variable subjects, text and attachment names (in English or German). One possible combination is:

Subject:

A worm is on your computer!

Message text:

I permanently get Spam-Mails from you and inside is a virus!!
You should remove these thing.
Read the document, before another or my mailbox explode!

Yours sincerely.

Attachment:

anti_virusdoc.pif

If the attached file containing Sober.A is run, a false error message is displayed.

At the same time, the worm sends itself to all the addresses it finds in a number of files on the computer, using its own SMTP engine. It stores all the addresses it finds in the file %sysdir%\MACROMED\HELP\MEDIA.DLL.

One of the main dangers of Sober.A is that it leaves two resident copies of itself running continually. If a user terminates one of the processes, or deletes one of these copies, the other will start it up or create it again.

Due to the incidents received and the possibility of an increase in the number of infections, Panda Software advises users to treat all e-mails received with caution, and to update their antivirus solutions if they haven’t already done so. The company has already made the updates to its products available to users to ensure their solutions can detect and eliminate Sober.A.