Panda Virus Alert: Sober on the attack again

Discussion in 'malware problems & news' started by Randy_Bell, Nov 22, 2005.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    -ORANGE VIRUS ALERT: Sober on the attack again,
    infecting computers worldwide-
    Virus Alerts, by Panda Software (http://www.pandasoftware.com)

    Madrid, November 22 2005 - PandaLabs has detected the appearance of Sober.AH, a new variant of this well-known family of email worms, which has already started to cause numerous incidents in computers around the world. In fact, it is already one of the viruses most frequently detected by the Panda ActiveScan online antivirus solution.

    One of the reasons for its success is that this new variant uses social engineering techniques, tricking users into running files that contain the system code. Among other possibilities, Sober.AH can reach computers as an attachment to an email message purporting to be a warning from the FBI, advising users that they have accessed illegal Internet addresses. The worm can send itself in email messages in either English or German depending on the intended recipient's address.

    In any event, users should bear in mind that the email message containing Sober.AH is highly variable, as the subject field, message text and attachment name are chosen at random from a list of options. More details of these options are available in Panda Software's Virus Encyclopedia, at http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=98110&sind=0

    If a user runs the file containing Sober.AH, a window is displayed with a false error message. However, while this is happening, the worm sends itself to all email addresses it finds in numerous system files. It checks the domains of the addresses by connecting to different public DNS servers and checks the time and date by connecting to different NTP servers.

    In addition, the worm terminates processes running on the system belonging to certain applications, including some security solutions. Every time it terminates a process, it displays a dialogue box saying that no viruses, Trojans or spyware were found. The aim is to leave the computer unprotected against future attacks.

    According to Luis Corrons, director of PandaLabs: "After many failed attempts, the creators of the Sober worms are finally achieving their objective the easy way: using social engineering. It is an unfortunate fact that whenever a malicious code uses some kind of message that could interest users, it manages to spread to numerous computers. The use of proactive technologies that can determine if an email message contains unknown malicious code prevents users from having to decide whether or not to open such potentially dangerous mail."

    TruPrevent(tm) proactive detection technologies detect and block Sober.AH, with no need for prior identification or updates. For this reason, computers with these installed have been protected from the moment the threat first appeared.

    Panda Software clients that don't yet have TruPrevent(tm) Technologies have the updates available to install them along with their antivirus and ensure they have preventive protection against unknown viruses and intruders. For users with a different antivirus program installed, Panda TruPrevent(tm) Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the antivirus is updated, decreasing the risk of infection. More information about TruPrevent(tm) Technologies at http://www.pandasoftware.com/truprevent

    To help as many users as possible scan and disinfect their systems, Panda Software offers its free, online anti-malware solution, Panda ActiveScan, which now also detects spyware, at http://www.activescan.com. Webmasters who would like to include ActiveScan on their websites can get the HTML code, free from http://www.pandasoftware.com/partners/webmasters.

    Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software's website (http://www.pandasoftware.com/about/subscriptions/) and complete the corresponding form.

    More information about these and other threats is available in Panda Software's Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia/
     
  2. Randy_Bell

    -ORANGE VIRUS ALERT: Sober.AH is now the most frequently detected virus
    worldwide according to data from the Panda ActiveScan online antivirus solution-
    Virus Alerts, by Panda Software (http://www.pandasoftware.com)

    Madrid, November 22 2005 - The Sober.AH worm, detected just a few hours ago by PandaLabs, is now the most frequently detected virus worldwide, according to data collected by the Panda ActiveScan online antivirus solution.

    As was expected, and given the fact that this worm sends itself in email messages in English or German depending on the recipient's address, the United States and Germany have been, until now, the countries most affected by Sober.AH. However, according to data from PandaLabs, incidents have been recorded all around the world.

    According to Luis Corrons, director of PandaLabs, "The propagation capacity of Sober.AH means that every time there is a new infection, the chances of receiving an infected email increase exponentially. For this reason users should treat email received with caution. Nevertheless, it is advisable to scan all mail with an up-to-date antivirus."

    Sober.AH uses social engineering techniques in order to trick users into running infected files. The messages used by Sober.AH to spread include spoof warnings from the FBI or the CIA.

    Computers that have the TruPrevent(tm) proactive technologies from Panda Software installed have been protected since this worm first emerged, as these can effectively detect and block Sober.AH. Panda Software clients that don't yet have these technologies already have the updates available to install them along with their antivirus and ensure they have preventive protection against unknown viruses and intruders such as Sober.AH. For users with a different antivirus program installed, Panda TruPrevent(tm) Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the antivirus is being updated, decreasing the risk of infection. More information about TruPrevent(tm) Technologies at http://www.pandasoftware.com/truprevent

    To help as many users as possible scan and disinfect their systems, Panda Software offers its free, online anti-malware solution, Panda ActiveScan, which now also detects spyware, at http://www.activescan.com. Webmasters who would like to include ActiveScan on their websites can get the HTML code, free from http://www.pandasoftware.com/partners/webmasters.

    Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software's website (http://www.pandasoftware.com/about/subscriptions/) and complete the corresponding form.

    More information about Sober.AH and other threats is available in Panda Software's Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia/
     
  3. Randy_Bell

    -ORANGE VIRUS ALERT: Sober.AH has already affected thousands
    of users worldwide-
    Virus Alerts, by Panda Software (http://www.pandasoftware.com)

    Madrid, November 23 2005 - The Sober.AH worm is continuing to spread and has infected thousands of computers worldwide. According to data collected by PandaLabs, USA, Mexico and Germany are the countries most affected by this worm, as it is already the malicious code most frequently detected worldwide by the online antivirus solution Panda ActiveScan. To help stop the spread of Sober.AH, Panda Software has made its free PQRemove utility available to all users to effectively detect and eliminate this worm from any computer that could be infected. This utility can be downloaded from http://www.pandasoftware.com/download/utilities/

    At the moment, millions of email messages infected with Sober.AH are circulating. According to Luis Corrons, director of PandaLabs: "this makes us think that Sober.AH is being spammed out through networks of computers infected by bots, a type of malicious code that turns the computer into a zombie at the service of viruses and hackers. By doing this, the probability of receiving a message infected by this worm is very high and so is the risk of infection."

    As Sober.AH does not exploit any vulnerabilities, but uses social engineering techniques to infect computers, the targets of its attack could be computers that do not have adequate protection against Internet threats, or that are not correctly updated. "An unprotected computer is a threat to the entire Internet community. At the moment, the activity of cyber-criminals is reaching alarming levels, and their attacks are increasingly sophisticated. It is no longer enough to be careful with the web pages you visit or to act with caution when opening emails; it is necessary to use all the technological means available to maintain an acceptable level of protection against the dangers in the Internet", explains Luis Corrons.

    The proactive protection technologies, TruPrevent(tm), have detected and blocked Sober.AH without needing to be able to identify it first, and therefore, without needing the updates. For this reason, computers with these technologies installed have been protected from the moment this threat first appeared.

    Panda Software clients that don't yet have TruPrevent(tm) Technologies already have the updates available to install them along with their antivirus and ensure they have preventive protection against unknown viruses and intruders. For users with a different antivirus program installed, Panda TruPrevent(tm) Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the antivirus is updated, decreasing the risk of infection. More information about TruPrevent(tm) Technologies at http://www.pandasoftware.com/truprevent

    To help as many users as possible scan and disinfect their systems, Panda Software offers its free, online anti-malware solution, Panda ActiveScan, which now also detects spyware, at http://www.activescan.com. Webmasters who would like to include ActiveScan on their websites can get the HTML code, free from http://www.pandasoftware.com/partners/webmasters.

    Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software's website (http://www.pandasoftware.com/about/subscriptions/) and complete the corresponding form.

    More information about Sober.AH and other threats is available in Panda Software's Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia/
     