The Sober worm is a highly-damaging mass-mailing e-mail worm (self-replicating computer program) that spreads by mailing itself to all addresses in a user’s e-mail address book, for which the Sober worm uses its own on-board SMTP (Simple Mail Transfer Protocol) engine.

The Sober worm was first discovered on October 24, 2003, with new strands of the Sober worm resurfacing during 2004 and 2005. The last big outbreak happened on November 21st, 2005, with the Sober X worm disguised as an e-mail from various United States government agencies, including the FBI.

Once the attachment is opened, the worm disables all anti-virus systems and acts as spyware (stealing and transmitting personal information). It also creates entries and copies itself in the system directory. Upon opening the attachment, the worm may display a message box that reads “No viruses, trojans, or spyware found! Status: Ok.” Once installed and run, the worm may also show a fake error message that reads “Error in packed header.” Both of these tricks are used to persuade users that no problem exists with the attachment. But in reality, the Sober worm consumes network bandwith, displays fake error messages when programs are opened, terminates anti-viruses and other security systems, and creates false registry entries in the computer.

The Sober worm sends itself with different subject names in either English or German (examples include, but are not limited to,”New internet virus!,” “You have sent me a virus!,” “Re: Contact,” and “Sorry, I’ve become your mail, and I’ve become your mail!”).

The attachment names may…

[Continue reading All About the Sober Worm]

[tags]sober worm. computer worm,computer worms,smtp,sober x[/tags]