After a long period of silence, Sober's latest variant has exploded with powerful attack on computer systems around the world.
The latest Sober variant is called Sober.j (called by McAfee) or Sober.i (by F-Secure and Kaspersky). The new attachment is attached to e-mail attachments in English or German. Depth is only activated when the user opens the infected attachment.
Like previous variants, Sober.j will collect e-mail addresses on victim computers and distribute messages to these addresses. E-mail viruses have different headers and chunks.
When enabled, Sober.j will display a fake error message, and proceed to create two new files in the Windows directory. According to McAfee, it is almost impossible to manually delete these two files because they are attached to the computer memory, and when the file is deleted another file is immediately created.
According to security vendors, the new Sober variant does not affect the computer system beyond the self-replicating function. The worm also does not install keyloggers or backdoors like other worm versions.
