#SOBER WORM VIRUS WINDOWS#
(Note: %System% refers to the Windows System folder which is usually C:\Windows\System, C:\Winnt\System32, or C:\Windows\System32. In addition, it also creates the file, MEDIA.DLL, in the %System%\Macromed\Help folder which it uses to store target email addresses it gathers from the infected computer. (Note: The registry data refers to the two dropped files with random file names.) Windows\CurrentVersion\Run\(Value name)=(worm file name) It modifies the following registry key by adding random registry values and data so that it is run each time Windows is started: The filenames used by the worm may be chosen from the following list: Upon execution the worm creates several copies of itself using variable filenames in the %System% directory.
![sober worm virus sober worm virus](https://www.eset.hu/files/virus/sober-j-winpic2a.png)
The attachment can have any of the following file extensions: The subject line and attachment name are randomly chosen from an internal list.
![sober worm virus sober worm virus](https://securitygladiators.com/wp-content/uploads/32.Computer-Virus-Spread-Image-358x201.jpg)
Route of Infection: Once your computer is infected and activated this mass-mailing, memory-resident W32.Sober worm will mail itself to email addresses found on your computer using its own built-in SMTP engine. When is first run on your computer, it may display the fake error message "File not complete!"Īliases: , Worm/Sober,, I-Worm/Sober.A, W32/Sober.A.worm, I-Worm.Sober The subject line of the email that the virus sends varies, and can be in either English or German. The Sober worm is a mass-mailing worm that uses its own SMTP engine to spread itself.
![sober worm virus sober worm virus](https://www.temok.com/blog/wp-content/uploads/2017/06/virus.jpg)
A new worm / virus alert was issued on October 28th 2003.