New Worm On The Loose – 1,700 Copies Intercepted During First Three Hours

On 19th November 2004, MessageLabs, the leading provider of managed email security services to business worldwide, began intercepting several copies of a suspicious email containing a new variant of the Sober worm ? W32/Sober.J.

W32/Sober.J is a mass-mailing worm that sends itself as an attachment and creates random subject lines and body texts. Emails arrive in either English or German, depending on the harvested addresses identified by the worm.

The worm is also capable of showing a fake anti-virus scan report in the email message body in an attempt to dupe users into believing that the message has been scanned and is uninfected.

Name: W32/Sober.J
Number of copies intercepted so far: 1700 +
Time & Date first Captured: 19th November, 2004, 06.01 GMT

Email Characteristics

Various, including:

Mail delivery system
Delivery failure

Body text: Random

Attachment: Numerous.

The attachment also often has a double file extension.

Size: 56808

About MessageLabs

MessageLabs is the leading provider of managed email security services to businesses based on market share, according to a Yankee Group Security Solutions & Services Report, February 2004. The company offers industry-leading managed Anti-Virus, Anti-Spam, Image Control and Content Control services to more than 9,000 businesses around the world to combat email threats before they reach corporate networks and without the need for additional hardware or software. Powered by a global network of data centres spanning four continents, MessageLabs scans millions of emails each day on behalf of clients such as The British Government, The Bank of New York, Bertelsmann, CSC, Diageo, Orange, Random House, SC Johnson and StorageTek. The service is also available through more than 600 channel partners, including BT, Cable & Wireless, CSC, IBM, MCI and Unisys. For more information on MessageLabs, please visit

Don't miss