The number of incidents caused by Sober.Y increases, Panda Software offers free tools to eliminate it
Madrid, October 6, 2005 – PandaLabs has detected a significant increase in the number of incidents caused by the new Sober.Y. This new mass-mailing worm has a large capacity to spread and is sent out in messages written in English or German. For this reason, Panda Software has declared an Orange virus alert status. To prevent Sober.Y from continuing to spread, above all across computers that do not have adequate anti-malware protection installed, Panda Software has made its free PQRemove utility available to all users to effectively detect and eliminate this worm from any computer that could be infected. This utility can be downloaded from http://www.pandasoftware.com/download/utilities/.
According to Luis Corrons, director of PandaLabs “the Sober worms have always boasted about their capacity to spread and this new variant is no exception. This is probably because it uses social engineering techniques, to persuade users to run the infected files, and changes the language of the email message sent, depending on the location of the recipient.”
Sober.Y uses two types of mail to propagate: Firstly, an email in English with the subject “Your new password”, which tries to make users think it is notification of a change of password, asking them to check the data in an attached file, pword_change.zip. Secondly, an email written in German claiming to contain a photograph of old school friends in the file KlassenFoto.zip. Both compressed files contain the executable PW_Klass.Pic.packed-bitmap.exe, which is a copy of the worm itself. The message type received varies depending on the extension that appears in the email address. It will only use the German version of the email if the addresses end in .de (Germany), .ch (Switzerland), .at (Austria), or .li (Lichtenstein).
Computers that have the TruPrevent(tm) proactive technologies from Panda Software installed have been protected since this worm first emerged, as these can effectively detect and block Sober.Y. Panda Software clients that don’t yet have these technologies already have the updates available to install them along with their antivirus and ensure they have preventive protection against unknown viruses and intruders, like Sober.Y. For users with a different antivirus program installed, Panda TruPrevent(tm) Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the antivirus is being updated, decreasing the risk of infection: More information about TruPreventTM Technologies at http://www.pandasoftware.com/truprevent
To help as many users as possible scan and disinfect their systems, Panda Software offers its free, online anti-malware solution, Panda ActiveScan, which now also detects spyware, at http://www.pandasoftware.com/home/default.asp. Webmasters who would like to include ActiveScan on their websites can get the HTML code, free from http://www.pandasoftware.com/partners/webmasters.
Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software’s website (http://www.pandasoftware.com/about/subscriptions/) and complete the corresponding form.
For more information about Sober.Y and other IT threats go to Panda Software’s Encyclopedia at: www.pandasoftware.com/virus_info/enciclopedia
NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the ‘cut’ and ‘paste’ options to join the pieces of each URL.