Want CNET to notify you of price drops and the latest stories?

Sober worm variant makes the rounds

Sober.P harvests e-mail addresses from a victim and then sends a barrage of spam to those recipients.

Dawn Kawamoto Former Staff writer, CNET News
Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.
Dawn Kawamoto
A new variant of the mass-mailing Sober worm has been discovered and is spreading among consumer PC users, security experts said Monday.

Sober.P, which operates in a similar fashion to other Sober worms, uses a subject header in an e-mail to try to entice people into opening an attachment. The virus then harvests e-mail addresses from the victim and directs a barrage of spam to those addresses.

"The social engineering has been very effective," said Craig Schmugar, virus research manager for McAfee Avert. "They will use German messages for German Windows users. They tell them they've won tickets to the World Cup, and that has been an effective (ploy) for that region."

The variant also has been compressed to make it more difficult for security software to identify when scanning a system, Schmugar said.

"Sober.P is very similar to Sober.M. They come on quick, then quickly die off," he said.

McAfee has given the worm a "medium" risk rating for home PC users.