(Sober) Mutant Starts to Squirm

Anti-virus vendors on Monday issued upgraded threat warnings for a mutant of the W32/Sober-C worm now squirming its way through e-mail in-boxes.

The W32/Sober worm, a mass-mailer which also spreads via file-sharing on P2P networks, has added a bilingual element and arrives with a range of attachment filenames — EXE, SCR, PIF, COM, CMD or BAT.

Chris Beltoff, a senior security analyst at Mass.-based Sophos Inc., told internetnews.com the increased sightings of a mass-mailing virus at the height of the Christmas shopping season puts new PC owners at the highest risk.

“The risk is high because of the new, unprotected computers that are being sold off the shelf. Depending on how long that PC has been sitting on the shelf, it’s likely new PCs are unprotected against the latest viruses. Remember, the average consumer isn’t going to make patching his main priority on a new computer, Beltoff said.

He said the appearance of a virus variant with bi-lingual subject lines and message bodies increases the odds of spreading. Sober-C mails itself with subject lines and message bodies in English and German and uses e-mail addresses harvested from a compromised machine.

Network Associates upped its threat level because of “increased prevalence” over the weekend and warned that 80 percent of the intercepted virus comes from Germany.

Warning that the virus targets both home and corporate users, Network Associates said the characteristics of Sober-C has put Germans or users in German-speaking regions at higher risk.

E-mail security firm MessageLabs also issued an alert warning that a “significant number” of the latest variant of Sober-C had been intercepted over the last 48 hours.

News Around the Web