Panda Virus Alert: Sober.AC, AD, AE worms

Discussion in 'malware problems & news' started by Randy_Bell, Nov 15, 2005.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    May 24, 2002
    Santa Clara, CA
    - The new Sober.AC, AD and AE worms are being distributed in dozens of different formats -
    Virus Alerts, by Panda Software

    Madrid, November 15 2005 - PandaLabs has detected the reappearance of the Sober worm in the form of three new variants, Sober.AC, AD and AE, new members of this large family of malicious code that can spread in email messages written in English or German. These email messages have variable characteristics and contain a compressed file carrying a copy of the worm.

    As on previous occasions, their author or authors have initially distributed these worms manually, although in this case, they have used dozens of compression formats for the file carrying Sober. "The aim is no other than to avoid detection by traditional antivirus programs. Although it is the same malicious code, it is often necessary to use different vaccines to block the same worm, precisely because of the format in which it has been compressed. Therefore, the more formats used, the more vaccines need to be developed and the longer the time needed to generate them all. This is the time that the authors of these worms are trying to take advantage of to infect as many computers as possible", explains Luis Corrons, director of PandaLabs.

    The proactive TruPrevent™ Technologies have effectively detected these variants of Sober in all the file formats they have used up until now, so systems with these technologies installed have been protected from the moment that each of these malicious codes appeared. "These types of infections, with a large number of variants released in a very short space of time, are when proactive protection is most effective, as it does not need our intervention with a signature file in order to react. In fact, since they were released in August 2004 our technologies have blocked attacks from over 23,000 different unidentified threats. This gives you an idea of the huge virus activity in the Internet", says Luis Corrons.

    When it infects computers, Sober automatically sends itself out to all the email addresses it finds in a large number of files stored on the computer. These messages have variable subjects, file names and languages. The worm will send a message in German to addresses with the suffix '.de' (Germany), '.li' (Liechtenstein), '.ch' (Switzerland) or '.at' (Austria). If addresses end in a different suffix, the message will be sent in English.

    Panda Software clients that don't yet have TruPrevent™ Technologies already have the updates available to install them along with their antivirus and ensure they have preventive protection against unknown viruses and intruders such as Sober.AC, AD or AE. For users with a different antivirus program installed, Panda TruPrevent™ Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the antivirus is updated, decreasing the risk of infection. More information about TruPrevent™ Technologies at

    To help as many users as possible scan and disinfect their systems, Panda Software offers its free, online anti-malware solution, Panda ActiveScan, which now also detects spyware, at Webmasters who would like to include ActiveScan on their websites can get the HTML code, free from

    Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software's website and complete the corresponding form.

    For further information about these and other computer threats, visit Panda Software's Encyclopedia: