Two variants of Sober worm infect PCs worldwide

Two new incarnations of the W32/Sober computer worm are spreading in large numbers across the Internet since yesterday, infecting home and business PCs around the globe.

Infections from the latest W32/Sober-N and W32/Sober.p worms began about noon Eastern time Monday and have been bombarding machines with e-mails generated internally by the worms, according to alerts from several antivirus software vendors.

Richard Wang, manager of the virus lab of Sophos, said the W32/Sober-N worm accounts for about 70 percent of all the virus reports the company has received since yesterday. The worm is sent to a recipient in an e-mail and is only activated if the recipient clicks on the enclosed file attachment. The file payload then searches for all e-mail addresses on the infected computer and sends a copy of itself to each address. The e-mails are sent out until the worm is eradicated, Wang said.

In English-speaking countries, the fake e-mail notifies the recipient that someone has obtained his account and password information for an unnamed account and tells the user to click on the attached file to find out what information has allegedly been stolen. In German-speaking countries, the fake e-mail tells the recipient that he won tickets to the upcoming 2006 Soccer World Cup events. The attached files are named, or and sometimes also include the word "error" in the file name.

"It's pretty normal in terms of what worms do," Wang said. "What's unusual about it is the sheer volume it has at the moment."

Wang said he had no statistics on the number of infections the worm has caused so far, nor on how many e-mail messages are carrying the worm.

Sophos and other major antivirus vendors have already updated their antivirus software to prevent the worm from getting into a PC and have created tools to remove it once a machine is infected, Wang said. "You do need to get rid of it once you get it; otherwise it will just slow you down," he said.

Moscow-based antivirus vendor Kaspersky Lab has issued a similar alert about the Win32.Sober.p worm variant, which it said is hitting hard in Western Europe.

In an e-mail alert, the lab said the new Sober.p worm was first detected yesterday and has "broken records in terms of the number of infected messages sent out and speed of propagation throughout Western European segments of the Internet."

Sober.p also spreads as a .zip attachment in an e-mail, according to Kaspersky Lab.

Antivirus software vendor Symantec Corp. said in a statement that the W32/Sober-N worm, which it calls W32.Sober.O@mm, apparently peaked in its activity yesterday and has been tapering off in reports today. Symantec's Security Response office ranked the worm as a Category 3 risk, with Category 5 being the highest risk.

Alex Shipp, senior antivirus technologist at managed e-mail security vendor MessageLabs, said his company stopped 1.1 million e-mails carrying the Sober-N worm since yesterday. The worm isn't causing major traffic troubles or slowdowns on the Internet, he said. "It's a medium-sized virus, but it's not really on the scale of some of the biggest ones in the past," Shipp said.

The first Sober worm, Sober-A, was circulated in October 2003 and has been followed by a string of variants.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Todd R. Weiss

Show Comments

Father’s Day Gift Guide

Brand Post

Bitdefender 2019

Bitdefender solutions stop attacks before they even begin! Get cybersecurity that 500 MILLION users already have and trust.

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?