W32.Sober.I@mm virus

November 19, 2004

A new variant of the Sober virus (W32.Sober.I@mm) has been sighted at Virginia Tech. W32.Sober.I@mm is a mass-mailing worm that uses its own SMTP engine to spread by sending itself as an email attachment to addresses gathered from the infected computer. The subject of the email varies and will be in either English or German. The email sender address is spoofed. The name of the email attachment varies, and it will have a .bat, .com, .pif, .scr, or .zip file extension. The attachment may also have a double extension.

Removal

Symantec has released further information and removal instructions for this virus:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.i@mm.html.