W32/Sober.C@mm spreads increasingly fast in German speaking areas

22 December 2003

W32/Sober.C@mm has spread considerably in recent days, particularly in German speaking areas. This is a worm that is written in Visual Basic and is relatively similar to its predecessors.

Sober.C spreads primarily via e-mails with varying subjects and body text in either German or in English. The language of the e-mail depends on the suffix of the recipient's e-mail address. The body text of the e-mails uses various approaches to encourage recipients to open the attachment. However, If the attachment, which has a .txt.exe extension and contains the worm's executable, is opened, the computer becomes infected.

On infection Sober.C displays a fake error message claiming that the worm's own file has "caused an unknown error." The worm then harvests new e-mail addresses from the infected computer's hard drive and uses its own SMTP engine to e-mail itself to these addresses in order to spread itself further.

Recommended Reactions

Users are advised to update their virus signature files and make sure they have the latest versions of F-Prot Antivirus installed on their computers.

After updating the virus signature files, users should scan their whole system with the F-Prot Antivirus OnDemand scanner to ensure that their computer security was not compromised before the virus signature files were updated.

Threat Detection

The latest versions of F-Prot Antivirus detect W32/Sober.C@mm using virus signature files dated 20 December 2003 or later.

Commtouch® is a leading developer of anti virus software and anti spam filtering services. Commtouch's anti virus computer software, F-PROT Antivirus, is available for a number of operating systems such as Windows, Linux, BSD, Solaris, and AIX as well as the Microsoft Exchange groupware.

2014 © CYREN · Privacy Statement