Warning on bilingual Sober virus

Sober R arrives as a Zip file attachment

Computer users are urged to be on their guard following warnings of a new worm and a phishing attack on payment service Escrow.com.

Security firm MacAfee has raised its threat level for Sober R, which is spreading fast. The bilingual English/German virus arrives as a Zip file attachment named 'pword_change.zip' or 'KlassenFoto.zip' with the following message:

Subject: 'Your new Password'
Body: 'Your password was successfully changed! Please see the attached file for detailed information.'

Once activated the virus displays an error message and installs itself onto the system. It then harvests addresses from the PC and mails itself on using its own SMTP engine, but does not appear to collect passwords or log keystrokes.

Sober R is also what MacAfee describes as 'Stinger aware'. Stinger is a free utility that destroys common malware but if any software named Stinger is activated the virus shuts it down and displays a pop up window telling the user that the scan was successfully completed. 

The first Sober worm appeared over two years ago and variants have used a variety of social engineering tactics to spread, including promising Paris Hilton porn, World Cup football tickets and even right wing propaganda.

The author is thought to be German but has not been caught, despite Microsoft offering a substantial reward.