Microsoft Security Advisory on Win32/Sober

Stephen brings up a good point, as there is a lot of activity on the security front this week. Given the activity, I want to make sure we help keep you connected and bring to your attention the security advisory we’ve issued regarding recent variants of the Win32/Sober worm.

The antivirus community has been tracking variants of Win32/Sober, a mass mailer worm that attempts to entice users into opening an attached executable or clicking a malicious URL via IM.  The worm doesn't appear to target a security vulnerability, but rather relies on the user opening the attachment or clicking a link in their IM window to execute.

On systems already infected by Win32/Sober.Z@mm, the malware is programmed to download and run malicious files from certain Web domains beginning on January 6, 2006. Approximately every two weeks thereafter, the worm is set to begin downloading and running malicious files from additional sites on the same Web domains.

We've added detection for the latest Sober variants to the Malicious Software Removal Tool and the Windows Live Safety Center, and customers who think they might be infected can go there and choose "Protection Scan" to remove all known variants of Win32/Sober.

We have issued a security advisory with guidance to help affected customers protect themselves, which is available here.


