Researchers at Sophos, a world leader in protecting businesses
against viruses and spam, are warning computer users about the
latest variant of the Sober worm, Sober-I (W32/Sober-I), which has
been spreading widely since this morning.
The Sober-I worm, is a mass mailing worm which sends itself to
email addresses harvested from an infected computer. It uses a
variety of subject lines, message bodies and file attachment names
in either English or German, including the following:
Subject:
Oh God
Text:
I was surprised, too!
Who_could_suspect_something_like_that? shityiiiii
Attachment:
im_shock.zip
Subject:
Delivery_failure_notice
Text:
This mail was generated automatically. More info
about --<random name>-- under: http://www.<random
URL>
Attachment:
mail_147.zip
Some German-language sightings of the worm have contained
messages claiming to come from a 21-year-old GoGo dancer with long
blonde hair who says she is seeking employment as a nude model. The
email claims that she has attached naked photographs of herself,
but they really contain a copy of the malicious Sober-I worm.
"This latest variant of the Sober worm may catch out the unwary
as they open their email inbox this morning," said Graham Cluley, senior
technology consultant at Sophos. "Although much-publicised virus
outbreaks in the past should have made users more nervous of
double-clicking on unsolicited email attachments, some still find
it hard to resist. All users should be reminded to follow safe
computing guidelines, and PCs should be kept automatically updated
with the latest anti-virus protection."
Sophos recommends companies protect their email with a consolidated solution to thwart the virus and spam
threats as well as secure their desktop and servers with
automatically updated anti-virus protection.
Sophos offers the following advice:
- Update your anti-virus software regularly so you can identify
new worms and viruses effectively and accurately. Ideally you
should be using automatic updates to ensure you are always defended
by the very latest virus protection.
- Emails which sound too strange to be true, or sound too good to
be true, probably aren't true. You don't need to be cynical or
paranoid to exercise caution!
- If you have peer-to-peer file sharing programs installed on
your company's network, consider removing them. It is almost
impossible to make a business case for unregulated file sharing
across the internet, on account of the associated dangers.
- Doing nothing about viruses and worms is not an option. Once
infected by a worm like Sober, your computer will try to send the
worm to as many other potential victims as it can. Even if you
don't care about your computer, be considerate of the effect that
your carelessness might have on other internet users.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.