|Genotype technology is built into all Sophos products, proactively defending against new
Last updated 29 November 2005 with latest
Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centres, are warning
computer users that the new Sober-Z worm is spreading
at such a rate that it now accounts for over 88% of all viruses
reported to Sophos - making it currently the most widespread
computer virus in the world.
Accounting for a staggering one in 13 of all emails travelling
across the internet, the Sober-Z worm sends itself as an email
attachment and attempts to turn off security software on the user's
The worm lures innocent computer users into opening its infected
attachments using a variety of tricks that include posing as an FBI
or CIA agent with attached questions to be answered, and a phoney
offer of Paris Hilton and Nicole Richie video clips from 'The
Simple Life'. Instead, in the case of every Sober-Z attachment, the
zip file contains a copy of the worm with the filename
File-packed_dataInfo.exe. The worm then scans the user's
hard drive for other email addresses, in its search for other
computers to infect.
Typical email messages sent by the worm can include, but are not
limited to, the following:
hi, ive a new mail address
hey its me, my old address dont work at time. i dont know why?!
in the last days ive got some mails. i' think thaz your mails but
im not sure! plz read and check ...
The Simple Life:
View Paris Hilton & Nicole Richie video clips , pictures
& more ;)
Download is free until Jan, 2006!
Please use our Download manager.
"The sheer rate at which this worm is spreading proves that the
devious tricks used by the worm's creator are working," said
senior technology consultant at Sophos. "This should be a wake up
call to businesses across the globe as to the major level of threat
that viruses pose to IT security. It's absolutely imperative that
all organisations defend their networks from such attacks with a
At 00:00 on 6 January 2006, the worm attempts to download
further code from the internet. If no code is downloaded the Sober
worm is programmed to stop replicating via email.
The author of the Sober worm has now been attacking innocent
computer users for more than two years and Sophos is calling for
anyone with information about the author to report it to the
computer crime authorities.
Sophos customers proactively protected against Sober-Z
Sophos's proactive Genotype™ technology was capable of detecting
the Sober-Z worm proactively (naming it as W32/Sober-Gen),
defending customers' computers without requiring an update.
Sophos PureMessage, Sophos's consolidated
email gateway solution which defends businesses against both spam
and viruses, can also block the spam messages sent by the worm.
Sophos strongly recommends companies thwart virus and spam
threats and secure their desktops and servers with automatically
updated anti-virus and anti-spam