RealTime IT News

Sober's Rating is Raised

McAfee today announced that its Anti-virus and Vulnerability Emergency Response Team (AVERT) raised its risk assessment to "Medium" on the recently discovered W32/Sober.r, also known as Sober.r.

Sober.r is a fast-moving worm that spreads via e-mail, sending itself to addresses found on the victim's machine.

The worm arrives as a ZIP file containing an executable named "PW_Klass.Pic.packed-bitmap.exe". It has many of the same functions as its Sober predecessors, researchers at McAfee's AVERT said.

Users would need to manually extract the executable from the ZIP file and manually run the attachment in order to be infected.

The bilingual German and English virus arrives with the subject line "Your new Password" and contains a body reading: "Your password was successfully changed! Please see the attached file for detailed information."
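The delivery pattern described above (a ZIP attachment holding an executable whose name imitates a picture, under a password-change subject) can be checked at a mail gateway. The following is an added example, not McAfee's detection logic; the extension list, the function names and the `sample.zip` attachment name are assumptions, and the sample message is constructed with harmless placeholder bytes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
LURE_SUBJECT = "your new password"  # subject line reported in the article

def executable_members(zip_bytes):
    """Return (name, has_extra_dots) for each executable inside the archive."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.rsplit("/", 1)[-1]
            stem, dot, ext = name.rpartition(".")
            if dot and "." + ext.lower() in EXECUTABLE_EXTS:
                # Extra dots in the stem suggest a name posing as a picture or document.
                hits.append((name, "." in stem))
    return hits

def assess_message(raw_bytes):
    """Flag mail whose ZIP attachments carry executables; note the known lure subject."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Sniff the content instead of trusting the attachment name or MIME type.
        if zipfile.is_zipfile(io.BytesIO(data)):
            hits.extend(executable_members(data))
    subject = (msg["Subject"] or "").strip().lower()
    return {"lure_subject": subject == LURE_SUBJECT,
            "executables": hits,
            "quarantine": bool(hits)}

def build_sample():
    """Constructed test message: the ZIP member is harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("PW_Klass.Pic.packed-bitmap.exe", b"placeholder, not a program")
    msg = EmailMessage()
    msg["Subject"] = "Your new Password"
    msg.set_content("Your password was successfully changed! "
                    "Please see the attached file for detailed information.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="sample.zip")  # constructed name
    return msg.as_bytes()
```

The quarantine decision rests on the archive contents alone; the subject match is reported separately because subject lines change between variants.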

The worm was first reported to McAfee AVERT researchers today, and the team has received more than 50 reports of the virus in the wild from unique senders.

The mass-mailing threat contains its own SMTP engine that constructs outgoing messages written in either German or English, depending on the version of Windows, the firm said.

Sober.r harvests addresses from local files and then uses the harvested addresses to send itself. This enables the worm to produce a message with a spoofed From address.

The first Sober worm arrived in 2003, and numerous variants have spread around the Internet since. It spread quickly thanks to the lure of terms such as Paris Hilton porn and World Cup soccer tickets.