Sober returns using social engineering techniques

PandaLabs has recorded the appearance of a new variant of the Sober worm, Sober.Y, which spreads using social engineering techniques in emails sent in English or German. This worm was intercepted by Panda Software’s TruPreventTM Technologies without prior identification, so users of these technologies have been protected against this threat from the outset.

The worm uses two types of mail to propagate: Firstly, an email in English with the subject “Your new password”, which tries to make users think it is notification of a change of password, asking them to check the data in an attached file, Secondly, an email written in German claiming to contain a photograph of old school friends in the file Both compressed files contain the executable PW_Klass.Pic.packed-bitmap.exe, which is a copy of the worm itself.

If the file is run, a false CRC error is displayed, even though the action has already started. The worm collects email addresses from files with certain extensions on the compromised computer, and sends itself out to them in the emails described above using its own SMTP engine. It will only use the German version of the email if the addresses end in .de (Germany), .ch (Switzerland), .at (Austria), or .li (Lichtenstein).

Even though the number of incidents recorded is low, this worm has significant propagation potential, and therefore PandaLabs has made the corresponding update to the signature file available to users.

For further information about these and other computer threats, visit Panda Software’s Encyclopedia.

About PandaLabs

Since 1990, its mission has been to analyze new threats as rapidly as possible to keep our clients save. Several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), work 24/7 to provide global coverage. To achieve this, they also have the support of TruPreventâ„? Technologies, which act as a global early-warning system made up of strategically distributed sensors to neutralize new threats and send them to PandaLabs for in-depth analysis. According to, PandaLabs is currently the fastest laboratory in the industry in providing complete updates to users (more info at

Don't miss