Latest Sober variants are far from friendly

• Tags:
• Viruses

Tom Espiner ZDNet.co.uk

Published: 06 Oct 2005 13:40 BST

• 
• 
• 
• 
• 

Two new variants of the Sober worm were detected on Thursday morning.

Sober.O and Sober.P both spread through email attachments and affects Windows operating systems, according to antivirus company Sophos. The worms send themselves to email addresses found on the infected computer, and also steal personal information.

In the last 12 hours, Sober.O has become the second most commonly reported virus, according to Graham Cluley, senior technology consultant at Sophos, and "is currently accounting for around 10 percent of all viruses reported".

Sober-o can arrive in both German and English, according to Cluley. "The German version is somewhat more interesting, and more widespread," he said in an email. Both worms feature the same message:

Fwd: class reunion
hi,
>I hope finally I've reached the right person this time!
Anyway I attached our old class photo taken in former times.
if you recognize yourself please really write back!
but if I addressed the wrong person once again sorry for the annoyance
;)
friendly greetings,
Hannelore

Previous Sober worms have been "very successful in the past, especially in Germany", according to Cluley.

The worm is interesting due to the way it draws people in, according to Cluley. "This version uses an interesting psychological hook. It appears to be a graphic, and appeals to people's natural wish to reconnect. The same thing drives Friends Reunited. It draws you in, and then you get hit," Cluley said.

The English language version is "not as convincing as it draws people in with the line 'your password has been changed' and tries to get you to click on a link to find out a new one. People are becoming more wary of this kind of attack," said Cluley.

• 
• 
• 
• 

• Share this article:
• Digg
• Slashdot
• Del.ici.ous
• Stumble
• Reddit

• Most Recent
• Most Popular
• Most Discussed