Computer Crime Research Center


Sober-M Worm virus running in the wild, Sophos Reports

Date: April 20, 2005
Source: Computer Crime Research Center
By: Media Release from Sophos Anti-Virus

Experts at SophosLabs™, Sophos's global network of virus and spam analysis centres, have warned users that the W32/Sober-M worm is spreading in the wild. Over the last 24 hours the worm has been the fifth most commonly encountered virus, beaten only by variants of the prevalent Netsky and Zafi worms.

The W32/Sober-M worm bulk-mails itself in either German or English, depending on whether it believes the recipient's email address belongs to a German or English speaker.

Emails sent in English have the following characteristics:

Subject line: I've_got your EMail on my_account!

Message text: Hello, First, Very Sorry for my bad English. Someone is sending your private e-mails on my address. It's probably an e-mail provider error! At time, I've got over 10 mails on my account, but the recipient are you. I have copied all the mail text in the windows text-editor for you &zipped then. Make sure, that this mails don't come in my mail-box again. bye

Attached file:

"This latest variant of the Sober worm may catch out the unwary as they open their email inbox," said Graham Cluley, senior technology consultant at Sophos. "It looks like the virus writer is deliberately using 'broken English' to lull people into a false sense of security that it's not a virus that has sent the message through, but an aggrieved email user. The virus plays on people's desire to be a good net citizen – anyone who receives a message like this may feel duty bound to open the attachment and investigate how their computer has been sending erroneous email, but such good intentions could result in a nasty infection."

Sophos recommends that companies protect their email with a consolidated solution to thwart virus and spam threats, and secure their desktops and servers with automatically updated anti-virus protection. Sophos anti-virus products have been capable of detecting the W32/Sober-M worm since 2:07 a.m. GMT on 19 April, 2005.

2006-02-20 08:42:14 - Very useful blog. Thank you. Vanessa
2005-10-24 10:47:50 - ur all a bunch of gay anzboi
2005-09-17 21:21:18 - Thank you very much! Gaane
2005-05-04 23:17:31 - 34hke your are the most gays person i know 321
2005-04-25 10:46:54 - bravo for sophos anti virus. keep it up. princess
2005-04-20 11:54:17 - wow 34hke