|
|
3 May 2005: The Sober N virus, discovered on May 2, is another mass-mailing worm which has quickly spread its way around the globe, faster than what many of its peer worms have managed so far. The Sober virus mail pops up in your inbox as an innocent message from Fifa's World Cup soccer 2006 organising committee, which confirms that you have won free tickets for the next year's World Cup Football in Germany. The mail is, apparently, from the official Fifa website.
Other variants of the virus are Sober P and Sober S.
The mail could be in English or German. The English version does not mention the World Cup ticket part; rather it mentions some changes need to be made in your account. The Sober mail asks you to open the attchment for details on the World cup free ticket.
The attached zip file contains a pif file, which is to be installed on your computer. On extraction, it gives an error message and stops. Silently, Sober harvests all the email addresses in your system and create necessary windows registry entries to run at start-up.
The Sober worm installs a backdoor in the system, which can be used by the virus-writer later to remote-control the system. Sober virus then mass-mails itself to all addresses in the victim's address book, choking bandiwdth, flooding computers with messages and slowing down machines.
The soccer virus message also has real emails and phone numbers of the Fifa office; so the Fifa organising committee's computers too crashed and the office was flooded with phone calls.
The Fifa organising committee said that it never sends email confirmations of world cup football 2006 tickets as attachments. Organizers were still unable to send e-mails late Tuesday, spokesman Gerd Graus said, adding that preparations for next year's World Cup were unaffected.
Anti-virus firms like Trend Mcro, McAfee and Sophos have issued alerts of varying threat levels to focus on the threat.
In 24 hours, the W32/Sober-N worm raced to the top of the most widespread virus chart, making for 62% of all viruses seen by Sophos' monitors around the world.
Graham Cluley, senior technology consultant for Sophos said, "Many people will be eager to attend one of the biggest sporting events in the world next year, and may think its worth the risk of opening the email attachment just in case the prize is for real. Computer users who don't practise safe computing will feel as sick as a parrot, and will only be passing this worm onto other unsuspecting victims."
Stopping and removing world cup soccer virus Sober:
Do not open attachments from mails purportedly sent by Fifa to you - they dont send attachments.
If infected, remove the Sober virus with standalone tools like Stinger tools availble from McAfee.
For details on Sober infection and prevention, visit McAfee:
http://vil.nai.com/vil/content/v_133409.htm
BY OUR TECHNOLOGY CORRESPONDENT
|
