Experts at SophosLabs™, Sophos's global network of virus and
spam analysis centres, have warned users that the W32/Sober-M worm is
spreading in the wild. The worm has been the fifth most
commonly encountered virus in the last 24 hours, beaten only
by variants of the prevalent Netsky and Zafi worms.
The W32/Sober-M worm bulk-mails itself in either German or
English, depending on whether it believes the recipient's
email address to be owned by a German or English speaker.
Emails sent in English have the following characteristics:
Subject line:
I've_got your EMail on my_account!
Message text:
Hello,
First, Very Sorry for my bad English.
Someone is sending your private e-mails on my
address.
It's probably an e-mail provider error!
At time, I've got over 10 mails on my account, but the
recipient are you. I have copied all the mail text in the windows
text-editor for you & zipped then.
Make sure, that this mails don't come in my mail-box
again.
bye
Attached file:
your_text.zip
"This latest variant of the Sober worm may catch out the unwary
as they open their email inbox," said Graham Cluley, senior
technology consultant at Sophos. "It looks like the virus writer is
deliberately using 'broken English' to lull people into a false
sense of security that it's not a virus that has sent the message
through, but an aggrieved email user. The virus plays on people's
desire to be a good net citizen - anyone who receives a message
like this may feel duty bound to open the attachment and
investigate how their computer has been sending erroneous email,
but such good intentions could result in a nasty infection."
Sophos recommends companies protect their email with a consolidated solution to thwart virus and spam
threats, and secure their desktops and servers with
automatically updated anti-virus protection. Sophos anti-virus
products have been capable of detecting the W32/Sober-M worm since
2:07 a.m. GMT on 19 April, 2005.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.