Sober-F email worm spreading via email, users warned to be on their guard by Sophos

Sophos Press Release

Researchers at Sophos, a world leader in protecting businesses against viruses and spam, have warned computer users to be on their guard against a new variant of the Sober email worm which has been sighted in the wild.

The W32/Sober-F worm was spotted over the weekend, spreading via email systems using a variety of subject lines including "Oh my God", "Hi, it's me", "Well, surprise?!" and "Bad Gateway".

Users who launch the attached file invoke the virus, which harvests email addresses it finds on the computer's hard drive. The worm then forwards itself onto the list of email addresses it has discovered, sending itself in the form of a German language message if it determines it is being sent to an German email address.

"This latest incarnation of the Sober worm is capable of clogging up email systems and stealing bandwidth with the number of emails it can generate," said Graham Cluley, senior technology consultant for Sophos. "The fact that this worm appeared over the weekend underlines how vital it is for users to automate their anti-virus updates. All companies should wake up to the importance of filtering dangerous content at the email gateway."

In a sneaky twist the worm can append a message to the bottom of infected emails claiming that it has already been virus scanned, and no malware has been detected.

"The ploy of adding a 'No virus found' message at the bottom of the email is deliberately designed to appeal to those who are too impatient to practise safe computing," continued Cluley.

Sophos recommends companies protect their email with a consolidated solution to thwart the virus and spam threats as well as secure their desktop and servers with automatically updated anti-virus protection.

Plus de 100 millions d’utilisateurs dans 150 pays ont retenu Sophos comme la meilleure défense du marché contre les menaces complexes et les risques de pertes de données. Régulièrement primées, ses solutions intégrées de sécurisation et de protection des informations sont simples à déployer, à administrer et à utiliser, et offrent le coût global de possession le plus avantageux du marché. Elles permettent le chiffrement des données, la protection des systèmes d’extrémité et des mobiles, la sécurisation du Web et de la messagerie et le contrôle d’accès réseau, avec le support permanent des SophosLabs, le réseau mondial de centres d'analyse des menaces de Sophos.

Les sièges sociaux de Sophos se trouvent à Boston, États-Unis et à Oxford, Royaume-Uni.