Security threats Toolkit

A sobering thought for the festive season

Published: 16 Nov 2005 09:40 GMT

There are at least three new variants of the Sober worm spreading across the Internet via email messages. The viruses are activated once a user clicks on an infected attachment.

The new variants of Sober, a worm that first appeared in 2003, are capable of disabling antivirus programs, according to a report from F-Secure.

Antivirus company Kaspersky Lab said on its Web site that large numbers of infected emails have been intercepted. This confirms, according to the company, that the epidemic was caused by spamming. Kaspersky identified the variants as Sober.u, Sober.v, and Sober.w.

Internet security officials in Germany warned Monday of a possible Sober attack. In recent months, Sober has been used in that country to spread right-wing propaganda.

Last month, a variant of the Sober worm was spread as an attachment that claimed to be an old class photo sent by a schoolmate.

Sober can hijack a Windows-based computer and force it to send spam e-mails. The continuous e-mailing can lead to overloaded servers and reduced network performance.

Security firms cautioned computer users to be careful when opening attachments. Infected messages may have a random subject line or none at all, Kapersky said.

But the attachments can be recognized by their names: Exceltab-packed_List.exe, Liste.zip and Reg-List-Dat_Packer2.exe., reg_text.zip Word-Text.zip, Word-Text_packedList.exe and Word-Text_packedList.zip.

The virus creators appeared to taunt security experts with a message left in the code which reads: "Use your debuggers, it's fun."