« Secure Web Site?
Over-Medication with Pop-Up Blockers »

Warning: Sober Virus

The latest variant of the Sober family of viruses is causing the bulk of all virus infections at this time, or at least it is for english and german speaking parts of the world.

It is delivered via email. The email attempts to induce the recipient to open an attachment. The message depends on the language your computer is set to use.

The inducements are as follows:

  • German users usually get an email advertising World Cup soccer tickets.
  • English users will usually get a warning that their email could not be delivered, or something similar.

The attachment that contains the virus usually has the .zip file extension. Examples:

    account_info.zip
    autoemail-text.zip
    LOL.zip
    Fifa_Info-Text.zip
    mail_info.zip
    okTicket-info.zip
    our_secret.zip
    PassWort-Info.zip

Inside the zip archive is a file named: winzipped-text_data.txt [several blank spaces].pif This file contains the virus.

Delete any such emails. Do not open the attachment!

Your anti-virus program should have intercepted this virus. If it did not intercept this virus, then you have a major problem! First check to see that your anti-virus program has the latest updates. If it does, then either your email scanning may be mis-configured or your anti-virus program is not doing its job.

If your become infected, this virus will use your computer to mass mail itself to many other potential victims.

If your anti-virus program is unable to deal with this threat, then we suggest using on online virus scanner such as Housecall by Trend Micro.

-Practice Safe Computing-

Posted on Wednesday, May 11th, 2005 at 10:55 AM and filed under All Posts, Email Security, Malware. You can follow any responses to this post through the RSS 2.0 feed. You can leave a comment, or you may trackback from your own site.

2 Responses to “Warning: Sober Virus”

  1. Randall Says:
    May 14th, 2005 at 11:20 PM

    Here is an update:

    There has been a very interesting development with the Sober worm. After infecting thousands of computers, the virus writers evidently sent instructions to these computers to stop spreading the worm to others.

    Perhaps the virus writers had enough zombie computers to make their next move, whatever that might be. We shall see.

  2. Randall Says:
    May 17th, 2005 at 10:17 AM

    OK, now we know! Evidently all these infected, zombie computers were instructed to start spewing our right-wing extremist propaganda using the email server that the Sober.P variant had installed. This new variant is called Sober.Q, but has also been named Trojan.Ascetic.C by Symantec because of it’s SPAM spewing behavior that is under remote control.

    More info can be found HERE

    Again, this demonstrated the importance of having an updated anti-virus application. It may prevent your computer from spewing out hate mail.

Leave a Comment

You must be logged in to post a comment.

_____________________________________________________________________________________________________________