New Sober worm poses as Microsoft patch
A new virus discovered Monday plays off fears generated by last week's wave of worms by masquerading as a patch from Microsoft that purportedly keeps MyDoom at bay.
Sober.d, also dubbed Roca.a by some security firms, arrives in an e-mail message with a subject that reads “Microsoft Alert: Please Read!” (The worm also comes in a German flavor, with a matching headline of “Microsoft Alarm: Bitte Lesen!”)
The message's text then goes on to urge the recipient to open the attached file, which can arrive either as an executable, or within a password-protected Zip archive. The attachment, claims the message, will protect the user's computer from a new variant of the MyDoom worm, and has other text that tries to pass itself off as coming from Microsoft. (Microsoft never e-mails security updates.)
[ Read more ]
- Review: Viruses Revealed (28 April 2003)