22 November 2005
A large wave of Sober worms is sweeping through email inboxes all over the world. The new Sober variant, Sober.AA, is so far this year's largest email worm outbreak.
Sober.AA is spreading in large numbers and uses highly intriguing and tempting subject lines. Many of the emails appear to be sent from the CIA or the FBI, while others claim to deliver videos of Paris Hilton and Nicole Richie. The FBI has issued a public statement warning people not to open the emails and saying that it will investigate the crime further.
When executed, the worm shows a bogus error message ("Error in packed Header") and then installs itself on the system. It then searches available sources for email addresses to send itself to.
Sober.AA detects the recipient's country and selects English or German accordingly.
So far Sober.AA has been spreading massively, but there have not yet been many infections.
Norman SandBox proactively detected this variant of Sober.AA as Sober.gen even before Norman added the signature to its virus signature files.
Update 25 November 2005
Sober.AA continues to spread.
The email worm Sober.AA is still highly active and continues to propagate all over the world. The Sober.AA attack started on Sunday and reached a preliminary peak on Wednesday. Thursday was calmer, but the worm appears to be very active again today, Friday.
Norman SandBox detected many infected emails Friday morning, mainly from Sweden, Denmark, Germany, England and Norway.