W32/Sober.C@mm spreads increasingly fast in German speaking areas
W32/Sober.C@mm has spread considerably in recent days, particularly in German speaking areas. This is a worm that is written in Visual Basic and is relatively similar to its predecessors.
Sober.C spreads primarily via e-mails with varying subjects and body text in either German or in English. The language of the e-mail depends on the suffix of the recipient's e-mail address. The body text of the e-mails uses various approaches to encourage recipients to open the attachment. However, If the attachment, which has a .txt.exe extension and contains the worm's executable, is opened, the computer becomes infected.
On infection Sober.C displays a fake error message claiming that the worm's own file has "caused an unknown error." The worm then harvests new e-mail addresses from the infected computer's hard drive and uses its own SMTP engine to e-mail itself to these addresses in order to spread itself further.
After updating the virus signature files, users should scan their whole system with the F-Prot Antivirus OnDemand scanner to ensure that their computer security was not compromised before the virus signature files were updated.
The latest versions of F-Prot Antivirus detect W32/Sober.C@mm using virus signature files dated 20 December 2003 or later.