14 DAY TRIAL // A new version of Sober, Sober.S, is trying to infect computers by promising free tickets to the world's biggest sporting event.
Sober is arriving as an e-mail with a .zip attachment and the subject is announcing that the recipient has won tickets for 2006 World Cup. The virus was discovered Monday and security analysts have reported that this version of Sober has 2 versions: English and German.
The text of e-mail prompts the user to open and run the attachment for details about tickets. In fact, the .zip archive contains a .pif file, which after is manually executed, it copies itself in the Windows directory and the worm creates registry keys to load itself at startup.
Then Sober is harvesting the e-mail addresses form the infected system and is trying to spread.
McAfee and Trend Micro have rated this new version of Sober as having medium risk, but the experts are puzzled by the rapid spread of a virus. Sober S was seen for the first time in Europe, but now is spreading in United States.
"This is a prime example of social engineering - these games are very popular worldwide and even users who are savvy enough to suspect this email is a fake, may take a risk and click on the attachment anyway in the hopes of getting free tickets," said Jamz Yaneza, senior virus researcher at TrendLabs.
Sober was discovered for the first time in October 2003 and the last version, dubbed Sober-N or Sober-M was seen two weeks ago, also in German and English.