Experts at SophosLabs, Sophos’s global network of virus and spam analysis centres, are warning users about a new widespread email worm, posing as tickets for the 2006 World Cup in Germany. In the last 24 hours the worm has swept to the top of the most widespread virus chart, accounting for 62% of all viruses seen by Sophos’s monitoring stations around the world.
Like earlier versions of the Sober worm, the bilingual virus can travel in both English and German language emails as a malicious attached file. The worm can use a variety of different subject lines and message bodies, and when sent in German can pretend to be an email from FIFA (the international football association) saying the recipient has won free tickets for the 2006 soccer World Cup.
However, if the user opens the attached file they will become infected by the worm, and it will mass-mail itself to other email addresses found on the infected PC. Because of the amount of email which can be sent by the worm, computer users may find their mailboxes are filling up, and affected companies may discover that their email is slower.
“Many people will be eager to attend one of the biggest sporting events in the world next year, and may think it is worth the risk of opening the email attachment just in case the prize is for real,” said Graham Cluley, senior technology consultant for Sophos. “Computer users who don’t practise safe computing will feel as sick as a parrot, and will only be passing this worm onto other unsuspecting victims.”
Since it first emerged on Monday afternoon, the worm has gained momentum infecting more and more computer users.
“Those who thought that email viruses were dead are in for a rude awakening – the Sober-N worm accounts for almost 2 in every 3 viruses travelling across the internet at the moment. Although anti-virus protection is available it seems there must be many home users who have been complacent and are allowing their PCs to belch out more and more infected emails,” said Graham Cluley, senior technology consultant for Sophos. “Everyone should consider putting in place automatic anti-virus updates, and a policy of blocking dangerous attachments at the email gateway.”
This is not the first time a virus has used the international soccer tournament in an attempt to spread. In 2002 the Chick-F virus tried to exploit interest in the latest news from the World Cup in South Korea/Japan by posing as an onscreen scores ticker. In 1998, in the run-up to the World Cup competition in France, another football-inspired virus asked infected victims to place a bet on who the winner might be, and if the user did not choose the right team triggered a payload capable of wiping data off computer hard drives.
Sophos recommends companies protect their email with a consolidated solution to thwart the virus and spam threats and secure their desktops and servers with automatically updated anti-virus protection.
More information about Sober-N is available at: http://www.sophos.com/virusinfo/analyses/w32sobern.html