Anti-virus vendors warn that a new Internet worm, Sober.D, is spreading via e-mail under the guise of an alert from Microsoft.
Sober.D spoofs the e-mail sender address and carries English or German subject lines reading: "Microsoft Alert: Please Read!" or "Microsoft Alarm: Bitte Lesen!".
It appears to be a Microsoft update to remove the MyDoom worms, and fakes a dialogue box that acts like a patch has been installed.
"Sober.D is spreading mostly in Europe and zeros in on German-speaking users," says Ken Dunham, director of malicious code at iDefense.
"This is a dangerous trend, where specific language groups or countries are targeted by malicious code attacks. Sober.D uses German text when it sends it malicious code to domains with the suffixes at, be, ch, de, li, and nl, or if the e-mail address contains the string @gmx."
F-Secure says it has issued a Radar Level 2 alert on the worm.
An earlier variant of the worm, Sober.C, was one of the most prevalent worms around the globe in December and February.
Share
