Eset's NOD32 Identifies New Version of Sober Worm; NOD32 Users Are Immediately Protected from Infection without Having to Wait for an Updated Signature

Business Wire, March 7, 2005

SAN DIEGO -- Eset, a global security software solutions company providing next-generation virus protection, today announced that the company's flagship product, NOD32 antivirus, detected a new variant of the Sober worm family -- Win32/Sober.L. Cases of infection have been reported in Germany and Spain so far, and infection continues to spread rapidly. The worm was first detected early this morning by Eset's Virus-Radar at http://www.virusradar.com, which uses NOD32's advanced heuristics technology.

The Win32/Sober.L worm uses its own SMTP engine to proliferate via email and create outgoing messages, which are written in German or English. If executed, the attachment allows the worm to collect email addresses from local files and then uses the addresses to send itself out to other computers. Once a computer is infected the virus locks the files in the system's memory so that they cannot be detected or removed by antivirus products. For this reason, advanced detection even before the creation of a new signature update is crucial. Sober.L also monitors the registry keys that it creates and if they are removed by a cleaner then they are immediately rewritten. It can also detect and disable some other anti-virus utilities including Microsoft's Malware removal tool.

Eset is providing a free cleaner for infected systems not protected by its NOD32 antivirus software. The cleaner can be downloaded at http://www.nod32.it/cgi-bin/mapdl.pl?tool=Sober. It is important to note that the Sober.L virus cannot easily be removed manually from a system. Once a computer has been infected, only a special cleaner like that offered by Eset should be used to remove the worm.

Eset's Virus Radar (www.virusradar.com) -- a real-time malware tracking tool, identified the new Sober variant using NOD32. Virus Radar provides site visitors with easy access to in-depth analysis of the latest viruses and processes approximately four million email messages per day to provide information such as the exact date a virus was first detected and its current detection rate. Virus Radar is also capable of tracking the progression of a single virus over a given period -- in some instances from the earliest heuristic detection of a new virus to the point where the virus disappears.

About Eset

Founded in 1992 and headquartered in San Diego, CA, Eset is a global provider of security software solutions for enterprises and consumers. Eset's award-winning anti-virus software system, NOD32, provides real-time protection from known and unknown viruses, spyware and malware. NOD32 offers the smallest, fastest and most advanced protection available, with more Virus Bulletin 100% Awards than any other anti-virus product. Eset has been named to Deloitte's Technology Fast 500 two years running, and has an extensive partner network, including corporations like Canon, Dell and Microsoft. Eset is a privately held company with offices in San Diego, US, Canada, London, UK, Paris, France, Prague, CZ, and Bratislava, SK. For more information, visit www.eset.com or call 619-437-7037.