Symantec, a computer security company, recently announced that it has seen a significant increase in message traffic containing a new variant of the old Sober worm. This email (generally written in either English or German) hides the malicious code in an attachment and uses social engineering to con the user into opening it.

The known English versions of the message read either:

"You notified us that you have forgotten your password. We have changed your password to a random sequence of letters and digits! For more detailed information, see the attached password file."

or:

"Your eMail has occurred an unknown error on our Server. Please read your mail and check the text. The full email is attached!"

More variations of the wording of the scam email are likely to appear over time. The message can seem to come from anybody and could appear to come from a trusted institution like your bank. The attachment can appear under several different names, but so far all of them have been .zip files. (.zip files are sometimes not screened as well by anti-virus programs.)
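Because the wording and sender can change while the .zip attachment stays constant, a mail filter can look inside the archive instead of matching the text. The following is an added example, not code from Symantec or from this post; the list of risky extensions, the addresses, and the file names are assumptions, and the sample message is constructed with a harmless payload.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions treated as executable; this list is not from the advisory.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def risky_zip_members(raw_message):
    """Return 'attachment/member' for each suspicious file inside a .zip attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        data = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for info in archive.infolist():
                    member = info.filename.lower().rstrip(" .")
                    if info.flag_bits & 0x1:  # encrypted entry: contents cannot be scanned
                        findings.append(f"{name}/{info.filename} (encrypted)")
                    elif member.endswith(RISKY_EXT):  # catches double extensions too
                        findings.append(f"{name}/{info.filename}")
        except zipfile.BadZipFile:
            findings.append(f"{name} (unreadable archive)")
    return findings

def build_sample(member_name):
    """Constructed test message: one .zip attachment holding a harmless placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, b"harmless placeholder")
    msg = EmailMessage()
    msg["From"] = "support@bank.example"   # constructed sender
    msg["To"] = "user@example.org"         # constructed recipient
    msg["Subject"] = "Your password"
    msg.set_content("For more detailed information, see the attached password file.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="password.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(risky_zip_members(build_sample("password.txt.exe")))
```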

While this is probably not going to be a particularly dangerous worm, it is a reminder to:

  • Never open attachments in unexpected emails.
  • Always keep your anti-virus software up to date.

The Sober worm was first released back in October 2003. Variants remained in circulation and caused significant damage for several years. The last major variant of this worm appeared in 2005. The hackers sending out this worm typically set it to take over PCs, send spam, download keyloggers, install rootkits, etc.
