<http://www.snopes.com/computer/virus/soberx.asp>
Like the earlier Sober.C mass-mailing worm which hit in 2003, this latest version (Sober.X) employs phony warning messages supposedly sent by law enforcement agencies which claim to be tracking illegal Internet activity. In this case, the messages purport to come from a "Steve Allison," an investigator with either the FBI or the CIA, and state that the recipient has visited "more than 30 illegal Websites," presenting him with a "list of questions" he must answer. The whole thing is, of course, a fiction intended to lure the reader into opening the attached .ZIP file so that the worm can spread to his PC.
Once it has infected a system, Sober.X may disable security and firewall programs, replicate itself by sending messages to contacts found in e-mail address books, block access to computer security web sites, and open security holes that allow outsiders to access personal data.
Sober.X e-mails are sent out with a variety of subject lines:
* hi, ive a new mail address
* Mail delivery failed
* Paris Hilton & Nicole Richie
* Registration Confirmation
* smtp mail failed
* You visit illegal websites
* Your IP was logged
* Your Password
The FBI has placed an alert about these messages on their web site:
The FBI today warned the public to avoid falling victim to an on-going mass e-mail scheme wherein computer users received unsolicited e-mails purportedly sent by the FBI. These scam e-mails tell the recipients that their Internet use has been monitored by the FBI and that they have accessed illegal web sites. The e-mails then direct recipients to open an attachment and answer questions.
The e-mail appears to be sent from the e-mail addresses of mail@fbi.gov and admin@fbi.gov. There may be other similarly styled addresses. The recipient is enticed to open the zip attachment which contains a w32/sober.jen@mm worm. The attachment does not open and its goal is to utilize the recipient's computer to garner information. Secondly, the virus allows the e-mail to be forwarded to all those listed in the recipient's address book.
Only Microsoft Windows platforms are vulnerable to Sober.X.
Symantec offers removal instructions and updated virus definitions to help combat Sober.X.
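A mail-triage check built from the indicators listed above (the subject lines, the two spoofed fbi.gov sender addresses, and the ZIP attachment), as an added example that is not part of the original article or any vendor's tooling. The function names, the quarantine rule, and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators copied from the article; compared case-insensitively.
SUBJECTS = {s.lower() for s in (
    "hi, ive a new mail address", "Mail delivery failed",
    "Paris Hilton & Nicole Richie", "Registration Confirmation",
    "smtp mail failed", "You visit illegal websites",
    "Your IP was logged", "Your Password")}
SPOOFED_SENDERS = {"mail@fbi.gov", "admin@fbi.gov"}
ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}

def has_zip_attachment(msg):
    """True if any MIME part is a ZIP by file name or content type."""
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") or part.get_content_type() in ZIP_TYPES:
            return True
    return False

def indicators(raw):
    """Return the list of article indicators that a raw message matches."""
    msg = message_from_string(raw)
    # Collapse folded or repeated whitespace before comparing subjects.
    subject = " ".join((msg.get("Subject") or "").split()).lower()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    hits = []
    if subject in SUBJECTS:
        hits.append("subject")
    if sender in SPOOFED_SENDERS:
        hits.append("sender")
    if has_zip_attachment(msg):
        hits.append("zip")
    return hits

def should_quarantine(raw):
    # Assumed rule: subjects such as "Mail delivery failed" also occur in
    # legitimate mail, so require the ZIP plus one more indicator.
    hits = indicators(raw)
    return "zip" in hits and len(hits) >= 2

def make_sample(sender, subject, attachment=None):
    """Build a constructed test message (an empty ZIP, not a worm sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", subject
    m.set_content("constructed body")
    if attachment:
        m.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                         subtype="zip", filename=attachment)
    return m.as_string()
```

Because the From address is forged, a sender match says nothing about the real origin; it is only useful as one signal combined with the attachment check.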
Last updated: 24 November 2005