Sober worm returned

A few days ago, security experts noticed signs of the return of a deep-destructive worm - Sober appeared more than 3 years ago.

This new variant of Sober - W32.Sober.AA@mm , although new, has spread quite quickly. The Sober worm first appeared and was disturbed by the Internet system starting in October 2003, and then appeared scattered throughout 2004 and 2005.

Hon Lau, a senior security response specialist from Symantec, said the W32.Sober.AA@mm variant has begun to appear since last Sunday. These infected e-mails often have titles in German or English, contained in the malicious code and use "social engineering" techniques to trick users into opening them.

The contents of the W32.Sober.AA@mm "sticky" deep e-mails are: " You communicated us that you have forgotten your password. We have changed your password to a random sequence of Letters and digits! See the file attachment ". (We were told that you lost your password. We changed your password to a random text and number. To see detailed information, please open the attachment ").

Attached e-mail attachments are often named: PasswỴData, PDatan, or MailỴData, all in zip file format.