European Email Systems Braced For New Variant Of Sober Worm

Experts at IT security firm Sophos are warning computer users about the latest variant of the Sober worm, Sober-I (W32/Sober-I), which has been spreading widely since this morning.

The Sober-I worm is a bilingual mass mailing worm which sends itself to email addresses harvested from an infected computer. It uses a variety of subject lines, message bodies and file attachment names, both in English and in German.

Subject lines in English include “Oh God” and “Delivery_failure_notice” but German computer users can receive emails which say they have come from a 21-year-old blonde GoGo dancer who claims to have attached naked photographs of herself. In all cases the attached file contains a malicious copy of the Sober-I worm which will attempt to mass-mail itself to other users.

“This latest variant of the Sober worm may catch out the unwary as they open their email inbox this morning,” said Graham Cluley, senior technology consultant at Sophos. “Although much-publicised virus outbreaks in the past should have made users more nervous of double-clicking on unsolicited email attachments, some still find it hard to resist. All users should be reminded to follow safe computing guidelines, and PCs should be kept automatically updated with the latest anti-virus protection.”

Sophos recommends companies protect their email with a consolidated solution to thwart the virus and spam threats as well as secure their desktop and servers with automatically updated anti-virus protection.

Sophos offers the following advice:

*Consider blocking dangerous file types at the email gateway. It’s almost impossible to make a business case for using email to distribute programs, on account of the associated dangers.”

*Update your anti-virus software regularly so you can identify new worms and viruses effectively and accurately. Emails which sound too strange to be true, or sound too good to be true, probably aren’t true. You don’t need to be cynical or paranoid to exercise caution!

*If you have peer-to-peer file sharing programs installed on your company’s network, consider removing them. It is almost impossible to make a business case for unregulated file sharing across the internet, on account of the associated dangers.

Doing nothing about viruses and worms is not an option. Once infected by a worm like Sober, your computer will try to send the worm to as many other potential victims as it can. Even if you don’t care about your computer, be considerate of the effect that your carelessness might have on other internet users.

Further details about Sober-I can be found at: