New Sober Worm (Virus) on the Loose

We have gotten several of these this morning so watch your mail from this one. Your virus filters may not catch it yet.

From Eweek:

New Sober Worm on the Loose
By Dennis Fisher
November 19, 2004
A new version of the Sober worm appeared on the Internet early Friday morning and already it is having quite a bit of success infecting users in Europe through the use of social engineering.


Sober.J arrives in an e-mail message that appears to be a returned-mail error message, telling the user that an e-mail sent earlier has bounced. The message typically contains a .zip, .bat, .com, .scr or .pif attachment and a body text that is some variation on the following:

This mail was generated automatically.More info about --YAHOO-- under:
does_not_like_recipient.# 185:
Giving_up_on_178.218.194.86.# 533:
The original mail is attached.Auto_Mail.System: [yahoo]

The subject line of the e-mail message varies, but often indicates that the message is a warning about a bounced e-mail, such as:

Faulty_mail delivery
Mail_delivery failed

When the recipient opens the attachment, the worm displays a fake error message saying that a portion of the WinZip software is missing.

The worm then copies itself to the Windows System folder in two separate locations, using filenames that it constructs dynamically from a small set of common strings, including sys, spool, crypt, host, dir, service, win, run, 32, data, and a few others, according to an analysis by McAfee Inc., based in Santa Clara, Calif. The filename always ends in "exe."

Sober.J then creates several registry keys to ensure it will be run on startup and searches for e-mail addresses on the infected machine. It then begins mailing itself to all of the addresses it finds.

Check out's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzer's Weblog.


Add your voice! Click below to comment. ThriftyFun is powered by your wisdom!

November 23, 20040 found this helpful

I woke up to about 30 of these in my email box this morning. It has worked it's way from Europe to the U.S. I first posted this on 11-19 when I saw the first one in my email.

Reply Was this helpful? Yes
July 24, 20050 found this helpful

There are three ways to secure your computer. One is if you use windows you use the windows update. It has secuity patches and udates. Secondly and equally important is to have your model computer site and get all updates there for your computer and its drivers. So if it is HP, you do that first. Some windows updates have conflicts with Windows Updates. You will need to make sure you do this. Make sure your version of Internet browser is updated also. Most and or equally a yearly virus protector. You will need to update the virus definitions weekly. I do it every couple of days or set it to do it automatically. I almost fell out of my chair when a lady online told me she had Nortons 2002 and it showed no viruses. They make viruses every day. I used Nortons Internet Security. You can buy online cheaper and you can get the pkg that allows you to dowload from there all year in case you have to do a restore or reformat. You need to bookmark these sites to check and have a day to remind you to do these things.


Symantec (nortons) will have the instructions to take out viruses you have to manually. They make it easy. So remember there is 4. Windows update, if you use windows, Your computer type site, Virus scan and your browser ,ie, Internet Explorer, or AOL. I do not like AOL , I call it the childrens browswer but you they supply your virus scan for those who cant afford it all. Do not take Attachments. You have features to make rules in your email. Make a yahoo account and let them send to their. They have a virus scan. Never open mail that you do not recognize. Save your server mail for people you know and trust. Make sure they keep their computer clean also. Many don't realize they are sending virus. Symantec had a feature that shows how to make these rules but not accepting files. Outlook has a feature you can add these files extentions and they will not be downloaded period..

All virus products and computer and broswers have these same services. I am not trying to choose your product. :)

Reply Was this helpful? Yes

Add your voice! Click below to comment. ThriftyFun is powered by your wisdom!


Home and Garden Cleaning ComputerNovember 23, 2004
Coronavirus Tips
Thanksgiving Ideas!
Christmas Ideas!
Ask a Question
Share a Post
Better LivingBudget & FinanceBusiness and LegalComputersConsumer AdviceCoronavirusCraftsEducationEntertainmentFood and RecipesHealth & BeautyHolidays and PartiesHome and GardenMake Your OwnOrganizingParentingPetsPhotosTravel and RecreationWeddings
Published by ThriftyFun.
Desktop Page | View Mobile
Disclaimer | Privacy Policy | Contact Us
Generated 2020-11-09 09:15:12 in 1 secs. ⛅️️
© 1997-2020 by Cumuli, Inc. All Rights Reserved.