Sober Comeback Poses As Long Lost School Friend

Experts at SophosLabs, Sophos’s global network of virus, spyware and spam analysis centres, are warning users about two new spyware email worms, which pose as an old school photograph. The Sober-O worm is now the second most commonly reported virus to Sophos, accounting for approximately 10% of all reports in the last twelve hours. Sophos is also alerting users to the presence of another similar variant, Sober-P.

The Sober-O worm tempts users to open a picture of an old class photo. When recipients open this file, instead of seeing themselves in a picture, the worm attempts to infect their computer. If successful, the worm can steal information from the user, forge their email address and use its own spam engine to send itself to any addresses found on the infected zombie computer. Like earlier versions of the Sober worm, the bilingual virus can travel in both English and German language emails.

When translated, the German version of the email message contains the following text:

Subject line:
Fwd: class reunion

Message text:
I hope finally I’ve reached the right person this time!
Anyway I attached our old class photo taken in former times.
if you recognize yourself please really write back!
but if I addressed the wrong person once again sorry for the annoyance 😉
friendly greetings,

“It may be flattering to think that someone has taken the trouble to look you up and make contact, but it’s a lot less pleasant when you realise it’s really a virus writer trying to hijack your computer,” said Graham Cluley, senior technology consultant at Sophos. “The success of websites like FriendsReunited and show that many people have used the net to keep in touch with old school friends. Sophos has seen substantial reports of Sober-O, and the worry is that those targeted will be unable to tell which messages are genuinely from friends, and which ones are designed to cause trouble.”

Sober-O uses the same tricks as its predecessor, Sober-N, one of the biggest virus outbreaks of 2005. Sober-N compromised thousands of PCs in 40 countries by posing as tickets to the 2006 World Cup in Germany.

“The Sober family of worms is a wake up call to businesses about the damage that zombie machines can cause,” continued Cluley. “Companies must ensure they are properly protected against these consolidated threats with automatically updated protection, while individual users have got to display extra vigilance over unsolicited attachments to prevent Sober-O from following in Sober-N’s footsteps.”

More information about Sober-O is available at:

Don't miss