New Sober Worm Surfaces
Antivirus company McAfee has upgraded the W32/Sober.k@MM to a "medium-risk worm" after receiving more than 50 reports of the virus to its AVERT (Anti-virus and Vulnerability Emergency Response Team) team since Sunday evening.
According to McAfee, the virus is a "mass mailing threat that contains its own SMTP engine to construct outgoing messages, which are written in German or English. It harvests addresses from local files and then uses the harvested addresses to send itself. This produces a message with a spoofed 'From' address."
The worm arrives as a zip file attached to an e-mail and has many of the same functionalities as its W32/Sober.j@MM predecessor. The attachment that comes with the worm is named "EMAIL_TEXT.ZIP" or "TEXT.ZIP," and has the file "MAIL_TEXT-INFO.TXT," followed by many spaces, then the extension .PIF within the zip file itself.
McAfee is directing users to its Web site for more information and the cure for Sober.k. The company also advised customers to update their antivirus definition files as soon as possible to combat the new variant.
The new Sober worm follows new variants of the Bagle worm surfacing last week, which McAfee also lists as "medium risk."
Sober.k can be removed using the latest release of McAfee's AVERT Stinger application.