Original URL: http://www.theregister.co.uk/2005/11/28/nhtcu_sober_worm_warning/

NHTCU warns over Sober worm

Cyber-blitz enters second week

By John Leyden

Posted in Security, 28th November 2005 17:15 GMT

The latest variants of the prolific Sober worm series are posing as messages from the UK's National Hi-Tech Crime Unit, prompting a warning from the British police agency.

The tactic is an extension of an ongoing mass virus attack. Other organisations similarly spoofed last week include the FBI and CIA in the USA and the German Bundeskriminalamt. Society heiress Paris Hilton also featured as the subject of some of the attacks.

The scam emails claims to recipients that their internet use has been monitored and that they have accessed illegal web sites. The emails then direct recipients to open an attachment, which Reg readers will not be surprised to hear is infectious. This Windows-specific malware travels in an email message with the subject line of "You visit illegal websites" or "Your IP was logged" from spoofed email addresses such as info@nhtcu.org and office@nhtcu.org. Users who open the infected message attachments on Windows machines will further propagate the outbreak, as well as leaving their machines open to additional attacks and misuse.

"These emails did not come from the NHTCU. Anybody who receives such an email should delete it without opening it," the police agency warns. NHTCU advises consumers to visit GetSafeOnline.org for tips on how to protect themselves and their computers for virus attacks. ®