Sober strikes again - A new variant of the Sober family gains widespread distribution

23 November 2005

W32/Sober.Z@mm has gained wide distribution since 21 November 2005. This newest variant of the Sober family was quickly detected by FRISK Software virus analysts and virus signature files providing protection against this threat were released.

The worm arrives as an attachment to e-mails that, in some cases, attempt to fool users into opening the attachment with fake warnings from the FBI, CIA or from the German BKA. Like other Sober variants, W32/Sober.Z@mm sends itself in an attachment to e-mails written in both German and in English, depending on the suffix of the recipient's e-mail address. The original Sober worm W32/Sober.A@mm appeared roughly two years ago in October 2003 and became one of the most widespread worms ever, wreaking havoc with computer networks worldwide.

This newest member of the Sober family is turning out to be the most extensive virus outbreak of this year and has been classified as high risk by FRISK Software's virus experts who will be monitoring the progress of the worm over the next few days.

Recommended Reactions

Users are advised to update their virus signature files and make sure they have the latest versions of F-Prot Antivirus installed on their computers.

After updating the virus signature files, users should scan their whole system with the F-Prot Antivirus OnDemand scanner to ensure that their computer security was not compromised before the virus signature files were updated.

Threat Detection

The latest versions of F-Prot Antivirus detect W32/Sober.Z@mm using virus signature files dated 21 November 2005 or later.

Commtouch® is a leading developer of anti virus software and anti spam filtering services. Commtouch's anti virus computer software, F-PROT Antivirus, is available for a number of operating systems such as Windows, Linux, BSD, Solaris, and AIX as well as the Microsoft Exchange groupware.

1993-2013 © CYREN