«Doctor Web» company news

New Sober strives to lead

The virus monitoring service of Doctor Web, Ltd. reports an outbreak of a serious epidemic caused by a new mass-mailing worm from the infamous Sober family, labeled Win32.HLLM.Generic.345. Other antivirus vendors name the worm W32/Sober.p@MM, WORM_SOBER.S, Win32.Sober.N and Sober.P.

According to the Global statistics service of Doctor Web, Ltd., the worm has easily seized more than 20% of all malware-infected traffic and has already pushed back numerous representatives of the Netsky family, which had firmly held the leading positions in the virus chart, thus winning second place.

The new Sober spreads en masse via email using its own SMTP engine. The mail messages are written in both English and German. A message pretends to require password confirmation or to inform about a registration. The attachment that carries the worm has a name in either English or German:

LOL.zip 
our_secret.zip 
mail_info.zip 
account_info.zip 
autoemail-text.zip 
_PassWort-Info.zip 
Fifa_Info-Text.zip 
okTicket-info.zip

Having penetrated a system, the worm displays a message imitating a WinZip error. The worm creates numerous files in the Windows and System directories; the following files are copies of the worm:

CSRSS.EXE
SERVICES.EXE
SMSS.EXE

It secures its autolaunch by adding the value
"_WinStart" = C:\WINDOWS\Connection Wizard\Status\services.exe
to the registry keys
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
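
A defender's check for the autorun indicator described above, as an added example that is not part of the original Doctor Web advisory: it parses Run-key listings in the layout printed by `reg query` and flags the `_WinStart` value, as well as any autorun whose image uses one of the three copied file names outside System32. The sample listing, the `Updater` entry and the function names are constructed for illustration; that the genuine CSRSS.EXE, SERVICES.EXE and SMSS.EXE reside in %SystemRoot%\System32 is an assumption added here, not a statement from the page.

```python
import ntpath
import re

# Indicators taken from the advisory text (compared case-insensitively).
RUN_VALUE_NAME = "_winstart"
COPY_NAMES = {"csrss.exe", "services.exe", "smss.exe"}

# Constructed sample in the layout printed by `reg query <key>`.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    _WinStart    REG_SZ    C:\WINDOWS\Connection Wizard\Status\services.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    "C:\Program Files\Example\smss.exe" /quiet
    _WinStart    REG_SZ    C:\WINDOWS\Connection Wizard\Status\services.exe
"""

VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def image_path(data):
    """Return the executable path from a Run value, dropping arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.exe)(?=\s|$)", data, re.IGNORECASE)
    return m.group(1) if m else data

def scan(reg_output, system_root=r"C:\WINDOWS"):
    """Return (key, value name, image, reasons) for suspicious autoruns."""
    system32 = ntpath.join(system_root, "system32").lower()
    key, findings = None, []
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, _type, data = m.groups()
        image = image_path(data)
        reasons = ["run-value-name"] if name.lower() == RUN_VALUE_NAME else []
        base = ntpath.basename(image).lower()
        if base in COPY_NAMES and ntpath.dirname(image).lower() != system32:
            reasons.append("system-name-outside-system32")
        if reasons:
            findings.append((key, name, image, reasons))
    return findings

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```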

Its destructive payload consists of deleting certain files in the Symantec directory or overwriting them with its own copies.

Doctor Web, Ltd. strongly advises users to treat suspicious messages with the utmost care and never to open mail from unknown or barely known senders, especially if it arrives with attachments. If you have not yet installed an antivirus program and suspect that your computer is infected with this worm, you can always check the suspicious file with our free online virus check.

Besides, if you still do not use an antivirus, or suspect that your current antivirus program is failing to operate, you can use a new free service from Doctor Web, Ltd. Download the express scanning package called CureIT! from our web-site and run it. In just several seconds the Dr.Web antivirus scanner will check your computer for malicious programs and cure them.


Doctor Web, Ltd. © 2008 Doctor Web, Ltd. - a Russian company developing and distributing Dr.Web® Anti-virus solutions.