Sober worm makes a comeback

Virus writers have resurrected the Sober worm with a new variant that is spreading quickly over the Internet, according to security experts on Tuesday afternoon.

The worm, dubbed Sober.M, reports email addresses of victims back to its anonymous author — a technique known as harvesting. Spammers typically buy these fresh email addresses to add to their lists of email recipients.

The email containing the worm is written in bad English with the subject line: "I've got your email on my account."

"It looks like the virus writer is deliberately using broken English to [convince] people the email is not a virus," said Graham Cluley, senior technology consultant for antivirus firm Sophos.

Sophos said that the worm was fifth most reported virus over the last 24 hours, closely followed by versions of Zafi and Netsky. It's thought that all the major anti-virus companies are now offering protection against the worm, so users should updated their virus protection.

Sober.M is a mass emailing virus that spreads as a .zip file attachment. The email containing the worm sends itself in German or English language. The English version of the email is below.

Subject line: I've_got your EMail on my_account!

Message text:

Hello,
First, Very Sorry for my bad English.
Someone is sending your private e-mails on my address.
It's probably an e-mail provider error!
At time, I've got over 10 mails on my account, but the recipient are you. I have copied all the mail text in the windows text-editor for you & zipped then. Make sure, that this mails don't come in my mail-box again. bye

Attached file: your_text.zip