
New Sober strives to lead

The virus monitoring service of Doctor Web, Ltd. reports an outbreak of a serious epidemic caused by a new mass-mailing worm from the infamous Sober family, labeled Win32.HLLM.Generic.345. Other antivirus vendors name the worm W32/Sober.p@MM, WORM_SOBER.S, Win32.Sober.N and Sober.P.

According to the Global statistics service of Doctor Web, Ltd., the worm has quickly taken more than 20% of all malware-infected traffic and has already pushed aside numerous members of the Netsky family, which had firmly held the leading positions in the virus chart, thus taking second place.

The new Sober spreads en masse via email using its own SMTP engine. The messages are written in both English and German. Each poses as a message requesting password confirmation or informing of a registration. The attachment it spreads with has a name in either English or German:

LOL.zip 
our_secret.zip 
mail_info.zip 
account_info.zip 
autoemail-text.zip 
_PassWort-Info.zip 
Fifa_Info-Text.zip 
okTicket-info.zip

Having penetrated a system, the worm displays a message made to look like a WinZip error. The worm creates numerous files in the Windows and System directories; the following files are copies of the worm:

 
CSRSS.EXE 
SERVICES.EXE 
SMSS.EXE

It secures its autolaunch by adding the value

"_WinStart" = C:\WINDOWS\Connection Wizard\Status\services.exe

to the registry keys

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
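
The indicators above can be checked mechanically. The following is an added example, not Doctor Web's code: it scans the text printed by `reg query` for the two Run keys and matches attachment names against the list. It goes slightly beyond the advisory by also flagging any Run entry whose image carries one of the worm-copy names outside System32; the function names, the System32 assumption and the sample text are constructed for illustration.

```python
import ntpath
import re

# Indicators copied from the advisory text above.
RUN_VALUE_NAME = "_WinStart"
WORM_COPY_NAMES = {"csrss.exe", "services.exe", "smss.exe"}
ATTACHMENT_NAMES = {n.lower() for n in (
    "LOL.zip", "our_secret.zip", "mail_info.zip", "account_info.zip",
    "autoemail-text.zip", "_PassWort-Info.zip", "Fifa_Info-Text.zip",
    "okTicket-info.zip")}
# Assumption: genuine copies of these system processes live only in System32.
SYSTEM_DIR_SUFFIX = "\\system32"
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")

def scan_run_keys(reg_query_output):
    """Parse `reg query` text; return (key, value name, data, reason) findings."""
    findings, key = [], None
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()          # header line naming the current key
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue
        name, data = m["name"], m["data"].strip().strip('"')
        folder, image = ntpath.split(data.lower())
        if name.lower() == RUN_VALUE_NAME.lower():
            findings.append((key, name, data, "value name from advisory"))
        elif image in WORM_COPY_NAMES and not folder.endswith(SYSTEM_DIR_SUFFIX):
            findings.append((key, name, data, "system process name outside System32"))
    return findings

def is_listed_attachment(filename):
    """Case-insensitive match against the attachment names in the advisory."""
    return ntpath.basename(filename).lower() in ATTACHMENT_NAMES

# Constructed sample in the layout printed by `reg query <key>`.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    _WinStart    REG_SZ    C:\WINDOWS\Connection Wizard\Status\services.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    "C:\Temp\smss.exe"
"""

if __name__ == "__main__":
    for finding in scan_run_keys(SAMPLE):
        print(finding)
```

Run entries whose data carries command-line arguments after the executable path are not split by this sketch and would need extra parsing.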

Its destructive payload consists of deleting certain files in the Symantec directory or overwriting them with its own copies.

Doctor Web, Ltd. strongly advises treating suspicious messages with the utmost care and never opening mail from unknown or barely known senders, especially if it arrives with attachments. If you have not yet installed an antivirus program and suspect your computer is infected with this worm, you can always check the suspicious file with our free online virus check.

Besides, if you still do not use an antivirus, or suspect your current antivirus program is failing to operate, you can use the new free service of Doctor Web, Ltd. Download the express scanning package called CureIT! from our web-site and run it. In just several seconds the Dr.Web antivirus scanner will check your computer for malicious programs and cure them.


Doctor Web, Ltd. © 2009 Doctor Web, Ltd. - a Russian company developing and distributing Dr.Web® Anti-virus solutions.