Tuesday, November 22, 2005

New Sober variant disguised as a message from the BKA

Tettnang, 22 November 2005 - H+BEDV urgently warns all users of the operating systems Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000, Windows XP, Windows Server 2003 against the computer virus Sober.Y. The current Sober attack shocked the users with a faked email from the Federal Criminal Police Office.

The Federal Criminal Police Office has been abused as being the sender of the email with the subject: ‘You own pirate copies’ in order to trick the recipient in opening the attachment whatever founded or unfounded accusation. The mass mailer worm automatically sends itself when opening the attachment to all the contacts he found on the infected computer.

The virus experts discovered that Sober Y has been programmed along with its six predecessors: Worm/Sober.T, Worm/Sober.V, Worm/Sober.W, Worm/Sober.X, Worm/Sober.Z and Worm/Sober.AA. The variants left the worm on the infected system which will activate at a certain trigger date: the programmed trigger date enables the Sober Y to send itself after at least 23 days from 29.10.2005 to all the email contacts.

The users may recognize the email infected with this virus on the following characteristics:

Sender: Federal Criminal Police Office, subject: “You own pirate copies”. The email text basically states that the content of the computer has been taken as evidence and that it will be used for taking legal steps against the recipient.

“Emails from an official authority only cause little mistrust. But beyond that, this attack aims directly the guilty conscience of the user or the fear of being unjustly accused. Many of the users have pirate copies although they are aware of the fact that it is accusable”, comments Gernot Hacker security expert and COO of H+BEDV. Regardless whether they are guilty or not, many users will open the attachment to find out details about those accusations. Since the authorities generally use the post office for their mail, I advise you to ignore all the emails that pretend to come from official authorities.

The security experts from H+BEDV recommend all affected people to immediately delete this email without reading it and to install a virus scan that can protect them against future similar attacks. The users that have the present version of the H+BEDV antivirus software AntiVir are protected against this virus because the program already recognizes the worm as malware.

This counts for the updates from 15.11.2005 (VDF 6.32.00.180). Older versions of the antivirus software will recognize the worm on his generics: Worm/Sober.Gen

The current software can be downloaded from www.antivir.de .The private users can also protect themselves against the uninvited guest

The new AntiVir PersonalEdition Premium www.antivir-pe.de offers extensive protection for the home PC.

About H+BEDV Datentechnik

H+BEDV Datentechnik GmbH is specialized in developing cross-system business security solutions since 1988. Its clients include leading national and international enterprises, both for-profit and non-profit, as well as various educational institutions and public entities.

In addition to its extensive product portfolio for Microsoft Windows systems, the company is a growing technological leader in the growth market for Linux operating systems. H+BEDV Datentechnik GmbH already offers high-performance solutions for file servers, Web servers, mail servers and workstations.

The AntiVir scanner was again awarded the Virus Bulletin 100% Award in 2005 and has a current certification by the German quality assurance authority TÜV.

In addition to its own distribution channels, H+BEDV Datentechnik GmbH has a comprehensive network of resellers in Europe and throughout the world. The company also works closely with the German Federal Office for Information Security (BSI).

Company Contact:
Adela Kohl/Gernot Hacker
H+BEDV Datentechnik GmbH
Lindauer Str. 21
D-88069 Tettnang
Telephone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Email: mailto:presse@antivir.de

Press Contact:
Jacklin Montag
Lewis Communications GmbH
Baierbrunner Strasse 15
D-81379 München
Telephone: +49 (0) 89 1730 19 19
Fax: +49 (0) 89 1730 19 99
Email: antivir@lewispr.com

About Avira

Avira protects people in the connected world – enabling everyone to manage, secure, and improve their digital lives. The Avira umbrella covers a portfolio of security and performance applications for Windows, Android, Mac, and iOS. In addition, the reach of our protective technologies extends through OEM partnerships. Our security solutions consistently achieve best-in-class results in independent tests for detection, performance, and usability. Avira is a privately-owned company that employs 500 people. Its headquarters are near Lake Constance, in Tettnang, Germany, and the company has additional offices in Romania, India, Singapore, China, Japan & the United States. A portion of Avira's sales support the Auerbach Foundation, which assists education, children, and families in need. For more information about Avira visit www.avira.com.