/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsNEW DELHI: TrendLabs has declared a medium risk virus alert in order to control the spread of this new SOBER variant. TrendLabs has received numerous infection reports indicating that this malware is spreading in the France, Germany, and Austria.
According to the press note, this mass-mailing worm arrives on a system as an email message. The text may be in both German and English, however SOBER.I is also able to send out emails in German language only should the recipient target be of German domain. The previous version of SOBER contained German text only. It propagates by sending copies of itself to certain email addresses, which it gathers from files on the system that have specific extension names. Notably, it also avoids sending messages to email addresses that contain certain strings. It also slows systems, taking up bandwidth and in turn reducing employee productivity.
Utilizing social engineering techniques to fool users into opening the email, the title of the email often gives the impression that it is an undeliverable email or a notice regarding a user's password.
Additionally, to further entice innocent users the content of WORM_SOBER.I may include information suggesting the email has been scanned and found clean by a number of antivirus companies.
Interestingly, to try and ensure a successful infection, 2 executable files are dropped into the victims system, the second executable acting as a backup should one copy be terminated in memory by an antivirus product. The files are of zero in size and Previous variants only dropped one executable.
The release further states that Trend Micro customers are protected through the latest pattern file, number 2.255.00. Customers of Outbreak Prevention Services should download OPP 134 (or later) to help protect against spread of this threat. For customers of Damage Cleanup Services, Damage Cleanup template # 457 should be downloaded to help with automated restoration of affected systems. Trend Micro Vulnerability Assessment and Network VirusWall pattern files will also support detection of WORM_SOBER.I
Other users should use Trend Micro's free online virus scanner, Housecall, which can be found at http://housecall.trendmicro.com.