Sober PC Virus Reappears & Utilizes Tactics of Social Engineering
Security company PandaLabs warns that the Sober worm has made a comeback in a new version called Sober.Y, as reported by PR Newswire on July 9, 2009.
The worm propagates through two different kinds of e-mail. The first is written in English and uses the subject line "Your new password" to make recipients believe it is a notification of a password change. The e-mail also carries an attachment named 'pword_change.zip', which the recipient is urged to open to check the details.
The other e-mail, written in German, states that an attached file named 'KlassenFoto.zip' contains an old photo of school friends.
Both attachments are malicious, however: each carries an executable called PW_Klass.Pic.packed-bitmap.exe, which is the Sober worm itself.
The security company states that if a user runs the zip file, a bogus 'CRC (Cyclic Redundancy Check)' error is displayed even though the worm's action has already been kicked off.
According to the company, the virus gathers e-mail addresses from files with specific extensions stored on the hijacked PC. It then sends itself to those addresses in e-mails with the subject "Your new password." The German-language e-mail employs its own SMTP (Simple Mail Transfer Protocol) engine to propagate.
PandaLabs also draws attention to Sober's characteristic handling of the German version of the spam mail: it is sent only to addresses ending in .de (Germany), .li (Liechtenstein), .at (Austria), or .ch (Switzerland).
While there haven't been too many incidents so far, security researchers at PandaLabs say that Sober.Y has strong potential to multiply and infect people's computers.
The researchers further disclose that Sober has a number of other variants, such as Sober.AC, Sober.AD, Sober.AE and Sober.V, that appeared successively.
Citing the virus and its method of proliferation as an example, PandaLabs' researchers explained that it once again showed how social engineering tactics can be used successfully to spread such malware across the Web. They added that even without any great technical innovation, an appropriate subject line used at an appropriate time can help create a large epidemic.
» SPAMfighter News - 30-07-2009