» Topic:  Sober worm comeback poses as schoolfriend pic

» Added by:  John Leyden

» Date:  7.10.2005

  Virus writers have created a duo of email worms which pose as pictures of old schoolfriends. The Sober-O and Sober-P worms were bulk mailed to thousands of potential victims overnight in an attempt to seed infection.

Like earlier versions of the Sober worm, the bilingual virus can travel in both English and German language emails. Windows users duped into opening infected attachments will find their machines turned into zombie drones under the control of hackers.

When translated, the German version of the infected email messages contains text referring to a class reunion. English language versions of both worms refer to password changes. The malware sends German versions to email addresses associated with German (.de) and Austrian domains. English language versions go to everyone else.

"It may be flattering to think that someone has taken the trouble to look you up and make contact, but it's a lot less pleasant when you realise it's really a virus writer trying to hijack your computer," said Graham Cluley, senior technology consultant at Sophos. "The success of websites like FriendsReunited and Classmates.com show that many people have used the net to keep in touch with old school friends. The worry is that those targeted will be unable to tell which messages are genuinely from friends, and which ones are designed to cause trouble."

Sober-O uses the same tricks as its predecessor, Sober-N, one of the biggest virus outbreaks of 2005. Sober-N posed as offers for tickets to the 2006 World Cup in Germany.

Source : www.theregister.co.uk