Security news19 November 2004
Many reports of Sober-I worm spreading via email, reports Sophos
Researchers at Sophos, a world leader in protecting businesses against viruses and spam, are warning computer users about the latest variant of the Sober worm, Sober-I (W32/Sober-I), which has been spreading widely since this morning.
The Sober-I worm, is a mass mailing worm which sends itself to email addresses harvested from an infected computer. It uses a variety of subject lines, message bodies and file attachment names in either English or German, including the following:
Subject: Oh God
Text: I was surprised, too! Who_could_suspect_something_like_that? shityiiiii
Attachment: im_shock.zip
Subject: Delivery_failure_notice
Text: This mail was generated automatically. More info about --<random name>-- under: http://www.<random URL>
Attachment: mail_147.zip
Some German-language sightings of the worm have contained messages claiming to come from a 21-year-old GoGo dancer with long blonde hair who says she is seeking employment as a nude model. The email claims that she has attached naked photographs of herself, but they really contain a copy of the malicious Sober-I worm.
"This latest variant of the Sober worm may catch out the unwary as they open their email inbox this morning," said Graham Cluley, senior technology consultant at Sophos. "Although much-publicised virus outbreaks in the past should have made users more nervous of double-clicking on unsolicited email attachments, some still find it hard to resist. All users should be reminded to follow safe computing guidelines, and PCs should be kept automatically updated with the latest anti-virus protection."
Sophos recommends companies protect their email with a consolidated solution to thwart the virus and spam threats as well as secure their desktop and servers with automatically updated anti-virus protection.
Sophos offers the following advice:
- Update your anti-virus software regularly so you can identify new worms and viruses effectively and accurately. Ideally you should be using automatic updates to ensure you are always defended by the very latest virus protection.
- Emails which sound too strange to be true, or sound too good to be true, probably aren't true. You don't need to be cynical or paranoid to exercise caution!
- If you have peer-to-peer file sharing programs installed on your company's network, consider removing them. It is almost impossible to make a business case for unregulated file sharing across the internet, on account of the associated dangers.
- Doing nothing about viruses and worms is not an option. Once infected by a worm like Sober, your computer will try to send the worm to as many other potential victims as it can. Even if you don't care about your computer, be considerate of the effect that your carelessness might have on other internet users.
