Antivirus firms are tracking several new variants of the prolific Sober worm, warning that these versions drop malicious files onto the machines they infect. Like past variants, these use e-mail attachments to spread.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
"We went from Sober-U to Sober-Z about four hours ago," Kaspersky Lab of Russia said on its Web site Tuesday. "These Sobers are pretty much the same [as] before."
The worm drops a file oddly named "not-a-virus:PSWTool.Win32.PassView.162" into the system directory, Kaspersky said. "This tool is used to spy on passwords. Like previous variants, Sober-U uses an exclusive lock to make removal difficult."
Kaspersky said possible e-mail attachments may be under such names as: Exceltab-packed_List.exe, Liste.zip and Reg-List-Dat_Packer2.exe., reg_text.zip Word-Text.zip, Word-Text_packedList.exe and Word-Text_packedList.zip.
Cupertino, Calif.-based Symantec reported the appearance of Sober-S@mm, Sober-W@mm and Sober-T@mm, saying the variants use their own SMTP engine to spread. "It sends itself as an e-mail attachment to addresses gathered from the compromised computer," the firm added.
Finnish antivirus firm F-Secure Corp. said it has raised its alert status to level 2 because of the four Sober variants it has been monitoring. At last check, F-Secure reported Sober-X and Sober-Z as the latest variants.
According to F-Secure, Bavarian police warned it on Monday that a new Sober attack might be launched the following day. The prediction proved accurate, the firm said in its daily lab blog.
"The German police is basing the information on a year-long investigation into the Sober case (the author of the virus is German)," F-Secure said. "They also say they can not provide more details at this time."
This article originally appeared on SearchSecurity.com.