Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

MessageLabs Stops Over 1.1 Million Copies Of New Sober Virus

  • 04 May, 2005 10:46

<p>MessageLabs, the leading provider of email security and management services to businesses, has now intercepted over 1.1 million copies of a new variant of the Sober worm – “W32/Sober.S@mm”.</p>
<p>Once activated, the worm will attempt to delete certain files on the recipient’s system including some files related to security software. The first copy of the worm was intercepted from the United States at 16:00:45 GMT.</p>
<p>Name: W32/Sober.S@mm
Number of copies intercepted as of 7:00 p.m. GMT May 3rd: 1,108,432
Time &amp; Date first Captured: 2nd May, 16:00:45 GMT
Origin of first intercepted copy: United States</p>
<p>Other countries where the virus has been intercepted in large quantities by MessageLabs include: Singapore, US, Great Britain, China, Netherlands, Germany, New Zealand, Austria, France, Belgium, Denmark, Latvia, UAE, South Africa, the European Union, Chile, Mexico and India.</p>
"W32/Sober.S@mm" is a mass-mailing worm that sends itself in an email. It is also called "Sober.N", "Sober.O" and "Sober.P" and it affects most computers that use Microsoft Windows.</p>
<p>The worm arrives in an e-mail in German or English, including a subject line in English or German with a ZIP file attachment. In the German version the note claims to be from the soccer organization FIFA. If the attachment file is opened, the worm will be triggered, and spread to others in your address book.</p>
<p>Email Characteristics</p>
<p>From: <various>@microsoft.<various></various></various></p>
Either: Your password
Or: Your email was blocked
Or: Mail errors
Or: Registration confirmation
Or: WM-Ticket-Ausloesung</p>
Account and Password information are attached!
Visit: http://www. (sender’s domain)</p>
Herzlichen Glueckwunsch,
beim Run auf die begehrten Tickets fuer die 64 Spiele der Weltmeisterschaft 2 in Deutschland sind Sie dabei.
Weitere Details ihrer Daten entnehmen Sie bitte dem Anhang.
Ihr „ok2006“ Team
St. Rainer Gellhayusa</p>
The threat arrives in an email attachment. The name varies, and may contain one of the following:</p>
<p>Inside the ZIP archive is a file named either:
<p>Size: 53,554 byte attachment</p>
MessageLabs detected all strains of this virus proactively, using its unique and patented Skeptic™ predictive heuristics technology.</p>
<p>About MessageLabs
MessageLabs is the world's leading provider of email security and management services with more than 11,000 clients and offices in eight countries. For more information, please visit</p>

Most Popular