Kaspersky Labs warned that Sober.i, based on what it described as a “classic” email worm, has started to infect machines everywhere.
Sober.i is triggered if you open an infected attachment, which causes a fake error message about WinZip to show. The worm makes two files in the Windows directory using random names. The program then picks up emails from an infected machine and propagates itself by sending a fresh payload to unsuspecting recipients.
News source: TheInquirer The files enter the system registry autorun key, said Kaspersky, and sends the emails by connecting to an SMTP server directly.
The emails have random subjects and random text, while the infected files have .zip, .bat or .pif extensions.
