PandaLabs has detected the appearance of a new worm called Sober.I. This malicious code is designed to spread rapidly via email in a message that can be written in English or German. According to data gathered by Panda Software’s international tech support network, Sober.I is starting to spread across German-speaking countries, such as Germany and Austria, causing incidents on users’ computers.

The messages carrying Sober.I have extremely variable characteristics, as the subject, message body and name of the attachment are all selected at random. If the user runs the file containing Sober.I, it creates a large number of files on the computer, such as clsobern.isc and nonzipsr.noz, which are copies of the worm, or logsys.exe and syssmss32.exe, which are files used by the worm to carry out its actions.

Once it has been run, Sober.I looks for email addresses on the affected computer and sends itself to them using its own SMTP engine. If the domain of the email address belongs to Switzerland (.ch), Germany (.de), Austria (.at) or Liechtenstein (.li), the worm inserts German text in the email message. If the domain is any other than those mentioned above, the email is sent in English.

Finally, Sober.I inserts several entries in the Windows Registry in order to ensure that it is run whenever the computer is started.

Because of the high likelihood of infection by Sober.I, Panda Software advises users to take precautions and update their antivirus software. Panda Software has made the corresponding updates available to its clients to detect and disinfect this new malicious code.

In addition, users can scan their computers online for free with Panda ActiveScan.

For further information about Sober.I, visit Panda Software’s Virus Encyclopedia.

About PandaLabs

On receiving a possibly infected file, Panda Software’s technical staff get straight down to work. The file is analyzed and, depending on the type, the action taken may include disassembly, macro scanning, code analysis, etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.
For more information: http://www.pandasoftware.com/virus_info/