WORM_SOBER.G - Description and solution

TrendLabs Malware Blog

Glossary

TrendWatch

TrendLabs Twitter

WORM_SOBER.G

Overview

Solution

Technical Details

Malware type: Worm

Aliases: W32/Sober.g@MM, Win32.Sober.G, W32/Sober-G, Sober.G, I-Worm.Sober.G

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:

Reported infections:
Damage potential:		High
Distribution potential:		High

Description:

This memory-resident worm propagates using its own SMTP (Simple Mail Transfer Protocol) engine. The email it sends out has varying subjects, message bodies and attachment file names and may be written in English or German.

It gathers target email addresses from files with certain extension names.

The following is a screenshot of its sample email message:

�Email

It also displays the following message box upon execution:

�Message

When the user clicks the Yes button to this message box, the malware opens a Notepad window with garbage text.

This UPX-compressed malware is written in Visual Basic, a high-level programming language, and runs on Windows 95, 98, ME, NT, 2000, and XP.

For additional information about this threat, see:
Solution
Technical Details

Description created: May. 13, 2004 4:15:32 AM GMT -0800
Description updated: May. 14, 2004 3:41:24 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.