Today: Hundreds of emails jammed my account

in General Discussion edited January 2014
and i mean hundreds it felt a bit like a email bombing attack, which i once was a victim - years ago.

in the (long) header of each email i found particularily one message:

Malware found (Worm.Sober.F)

What the heck does that mean? Does a friend of mine do this to me accidently?

It is an - bloody - noying!


  • Reply 1 of 1
    cakecake Posts: 1,010member
    New Version of Sober Worm Spreading in Europe

    A new variant of the Sober worm, Sober.F, is spreading in Europe, and some anti-virus companies are raising their threat levels for the worm due to its success.

    Sober.F arrives in an e-mail sent by the worm's own SMTP engine. According to F-Secure's description of the worm, the incoming message can have any of a large number of subject lines and message bodies, some in German and some in English.

    The message also contains an executable file attachment, which, according to Symantec's analysis, contains any of a list of names with an .EXE extension and is 42,496 bytes large. When a user launches the attachment it sets itself to run automatically when Windows starts, then searches files on the hard disk to use as senders and recipients in the messages sent as it attempts to spread itself.

    Symantec has raised Sober.F from a Level 2 to Level 3 threat severity, labeling it "either as highly wild (but reasonably harmless and containable) or potentially dangerous (and uncontainable) if released into the wild." Symantec has also increased its overall "ThreatCon" level from 1 to 2 out of concern that Sober.F is developing into a major outbreak. F-Secure classified the threat from Sober.F as "moderate."

    Interestingly, F-Secure says that the worm checks the hard disk constantly for a file named ZHCARXXI.VVX. If it finds this file, it immediately unloads itself from memory. If the file is present during installation, the worm does not copy itself to the hard disk.


    Look Here


    This worm spreads via email as a file attached to infected messages. It also spreads via file-sharing networks. It is written in Visual Basic and packed using UPX. The packed file is approximately 40KB in size (this may vary slightly). The unpacked file is approximately 140KB in size.

    It harvests email addresses, and sends email messages to these addresses by creating a direct connection to the SMTP server.

    The worm uses one of the names below as the sender's name...

Sign In or Register to comment.