Saturday, November 20, 2004

- Panda Software reports the appearance of Sober.I -

Virus Alerts, by Panda Software (http://www.pandasoftware.com)

MADRID, November 19, 2004 - PandaLabs has detected the appearance of a newworm called Sober.I. This malicious code is designed to spread rapidly via email in a message that can be written in English or German.

According to data gathered by Panda Software's international tech support network,Sober.I is starting to spread across German-speaking countries, such as Germany and Austria, causing incidents in users' computers.

The messages carrying Sober.I have extremely variable characteristics, as the subject, message body and name of the attachment are all selected at random.

If the user runs the file containing Sober.I, it creates a large number of files on the computer, such as clsobern.isc and nonzipsr.noz,which are copies of the worm, or logsys.exe and syssmss32.exe, which are files used by the worm to carry out its actions.

When it has been run, Sober.I looks for email addresses on the affected computer, which it then sends itself out to using its own SMTP engine.

If the domain of the email address belongs to Switzerland (.ch), Germany (.de), Austria (.at) or Liechtenstein (.li), the worm inserts German texts in the email message. If the domain is any other than those mentioned above theemail will be sent in English.

Finally, Sober.I inserts several entries in the Windows Registry in order to ensure that it is run whenever the computer is started. Due to the high possibility of being infected by Sober.I, Panda Software advises users to take precautions and update their antivirus software.

PandaSoftware has made the corresponding updates available to its clients to detect and disinfect this new malicious code.

In addition, users can scan their computers online for free with the PandaActiveScan, available at http://www.pandasoftware.com/ For further information about Sober.I visit Panda Software's Virus Encyclopedia