[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Friday, 19 November, 2004, 16:13 GMT
Lazarus-like virus hits computers
Escape key on computer keyboard, BBC
Some people are struggling to escape Sober-I
Security firms are warning about a PC virus that comes back from the dead.

The newest variant in the Sober family of Windows viruses resurrects itself if some of the parts it leaves on infected machines are not deleted.

The virus also tries to trick people into opening infected attachments by claiming that the message has been passed as clean by anti-virus scanners.

Computer security firms warned people to be suspicious of unsolicited e-mails bearing attachments.

Clever code

The first Sober virus appeared in late October 2003 and was most prevalent in Germany.

The latest Sober-I variant debuted on 19 November, is more international in flavour and uses several new tricks to try to preserve itself and fool people into opening it and infecting their Windows machine.

POPULAR SOBER-I SUBJECT LINES
Details
Registration Confirmation
Your mail password
invalid mail
Mail delivery_failed
Re: Delivery_failure_notice
Re: illegal signs in your mail
Your Password
The virus places two small files into the memory of any machine that it infects. If either one of these files is manually deleted, its partner will resurrect the missing file.

Similar tactics have been seen in spyware programs that capture information about browsing habits, but it is believed that this is the first time such a tactic has been used by a computer virus.

In an attempt to reassure people that it is benign, the virus adds text to the messages it travels in that claims the e-mail has been scanned and found clean by anti-virus programs.

The message can use any one of 150 separate subject lines and the message forming its body can be generated from short strings of text that it carries with it.

The infectious attachments bearing the virus code try to hide by labelling themselves as either a screensaver (scr), batch (bat), information (pif) or command (com) file.

Anyone clicking on the attachment could leave themselves open to more infections as the virus disables many of the security features used to keep machines virus free.

Once installed the mass mailer scours a Windows machine for addresses and then uses its own built-in e-mail software to send itself to potential new victims.

The BBC News website has received warnings from four different companies about the Sober-I virus which appears to be catching quite a lot of people out.

Mail filtering and scanning firm Blackspider Technologies said it had seen more than 1 million copies of the virus in the first few hours of the day.

The Sober-I virus can infect machines running Windows 2000, 95, 98, Me, NT, XP and Windows Server 2003.


SEE ALSO:
10 ways to improve computer shops
19 Nov 04 |  Magazine
The spy in your computer
18 Nov 04 |  Breakfast
Top 20 computer threats unveiled
09 Oct 04 |  Technology
Beckham virus spotted on the net
13 Oct 04 |  Technology
How to smash a home computer
14 Nov 04 |  Technology
Joke e-mail virus tricks users
29 Oct 04 |  Technology


RELATED INTERNET LINKS:
The BBC is not responsible for the content of external internet sites


PRODUCTS AND SERVICES

News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific