People & News

W32.Sober.P

W32.Sober.P and its variants were responsible for the glut of unwanted German e-mails which greeted employees on Monday morning. According to Stephan le Roux of Symantec, the worm is not destructive, but it could slow Internet access speeds.

The worm has its own Simple Mail Transfer Protocol (SMTP) engine - a protocol for sending e-mails between computers - which it uses to mail itself to the addresses in the computer's e-mail address book. This "spoofing" means that you may recognise some of the e-mail addresses from which the message comes, as the worm picks up addresses in one's address book.

E-mails containing the worm tend to have a German subject line, and may have an attachment, which should not be opened. Meanwhile, another, more insidious worm, WORM_MYTOB.EG, is spreading.

Its modus operandi is as follows:
It propagates by sending a copy of itself as an attachment to e-mail messages, which it sends to target addresses, using its own SMTP engine.

It gathers target e-mail addresses from the Temporary Internet Files folder, the Windows Address Book (WAB), as well as from files with certain extension names. It may also generate e-mail addresses by using a list of names and any of the domain names of the previously gathered addresses.

This worm has backdoor capabilities, which allow a remote user to execute malicious commands on the affected machine. This routine gives remote users virtual control over affected systems, thus compromising system security.

Moreover, it prevents users from accessing several antivirus and security web sites by redirecting the connection to the local machine.

What this means for users is that they will receive a lot of additional spam. They will also receive messages stating that an e-mail they sent contained a virus. This is spoofing: as long as the mail is not in your Sent Items, you did not send it.

Please remember to never open e-mail from strangers or any attachment that looks suspicious.

The link below will give you a detailed description and some examples of the virus:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.EG

Article on Moneyweb
