A new variant of the Sober e-mail worm has started spreading as an attachment that claims to be an old class photo sent by a schoolmate. But if recipients open the file, they don't see a picture of themselves in braces. Instead, a worm tries to steal their information and then mail itself to others.
Antivirus software maker Sophos said the Sober variant is now the second most commonly reported virus, accounting for approximately 10 percent of all reports in the last 12 hours.
"Playing off of flattery, nostalgia and the success of Web sites (like Friends Reunited and Classmates Online), this dangerous virus has only one aim: to steal information from as many victims as it can," Gregg Mastoras, a senior security analyst at Sophos, said in a statement.
But others downplayed the risk. Symantec, for example, rated the bug a "2" on its scale of 1 to 5, with 5 being the most threatening.
"We're seeing a number of submissions--but not anything overwhelming," said Eric Chien, principal software engineer at Symantec Security Response. "It's not going to be a Blaster," he added, referring to the MSBlast worm outbreak.
Chien said there are two reasons for this. First, both companies and individuals are becoming more sophisticated in their awareness of threats. Businesses are blocking e-mail attachments that carry executable files, even those that are compressed, while individuals are treating unsolicited attachments with more suspicion, even if they recognize the sender.
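The gateway-side check described above, blocking executable attachments even when they arrive compressed, sketched as an added example (not from the article or from any vendor's product). The extension blocklist, function names and sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist; a real gateway policy would be longer and site-specific.
BLOCKED_EXT = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".vbs"}

def _blocked(name):
    # Only the final extension counts, so "photo.jpg.exe" is caught.
    name = (name or "").strip().lower().rstrip(". ")
    return any(name.endswith(ext) for ext in BLOCKED_EXT)

def scan_message(raw_bytes):
    """Return reasons to quarantine the message; an empty list means pass."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if _blocked(fname):
            reasons.append(f"executable attachment: {fname}")
            continue
        data = part.get_payload(decode=True) or b""
        # Decide by content, not by name: a renamed archive is still an archive.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if _blocked(info.filename):
                        reasons.append(f"executable inside {fname}: {info.filename}")
        except zipfile.BadZipFile:
            reasons.append(f"unreadable archive: {fname}")
    return reasons

def make_zip(member, content=b"placeholder bytes, not a real binary"):
    """Build an in-memory zip with one member (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, content)
    return buf.getvalue()

def build_sample(att_name, att_bytes):
    """Constructed sample message; addresses and file names are made up."""
    m = EmailMessage()
    m["From"], m["To"] = "schoolmate@example.com", "user@example.org"
    m["Subject"] = "Your old class photo"
    m.set_content("Look what I found!")
    m.add_attachment(att_bytes, maintype="application",
                     subtype="octet-stream", filename=att_name)
    return m.as_bytes()
```

A name-based check like this is only the first layer; it says nothing about what the file actually does, which is why gateways pair it with content scanning.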
"I think people are definitely more tuned in to your classic e-mail worm," Chien said.
Second, virus writers are increasingly putting their energy toward more targeted attacks, often those aimed at quietly making money through theft rather than attracting infamy through a mass outbreak. That said, Chien said he doesn't see the classic mass-mailing worm going away.
"We'll still have them," he said. "They will sort of be that background noise."
Sober variants, in particular, have topped the ranks this year, with one version spewing hate messages and another offering free World Cup tickets. Although it is making a comeback this year, the bug has been around since 2003.
As is typical, the virus is getting different names from different companies. Sophos is calling it Sober-O, Secunia is calling it Sober.R, and Symantec is calling it W32.SoberQ@mm. But under a new identifier system designed to avoid name confusion, it is known by all as CME-151.
"It's less sexy of a name, but at least it provides a cross-reference for vendors and customers," Chien said.
- Email Viruses.
- by Oscar Rat October 6, 2005 2:00 PM PDT
- I have a simple solution, three part.
1. Don't keep an address book. A simple cut and paste from a text file will do the same thing.
2. I use an old copy of Eudora that doesn't know what an HTML file is, much less use Java or Active-X. Don't use that email program that comes with Windows. It's not only a lousy program, but all those viruses are written specifically for it. It's an open invitation. There are many others out there, many free.
3. I never open an attachment, period. If someone wants to send me something, they can post it in the message itself. Never, but never open junk mail.
Oh, one other thing. When you get something supposedly from a place like eBay, Microsoft, your bank, or ratlife, always check the actual address on the URLs. It's usually at the bottom of your screen. Just because the link says eBay, doesn't mean the actual address is the same.
Oscar Rat
- Good
- by October 12, 2005 4:14 PM PDT
- This is the first intelligent post of the evening I read. Average computer users don't take enough precautions. I am surprised you are doing what you are doing. It helps stop the spread of virus. Even though I use Outlook Express, because it's easy and there, I never open stuff from people I don't know, always check the e-mail address, and never open up e-mail from anyone except family and close friends that I know personally run virus programs that are up to date.