belgareth
11-23-2005, 11:23 AM
Zombies Boost New Sober Variant Paul F. Roberts - eWEEK
Tue Nov 22, 2005
Anti-virus and e-mail security companies warned Internet users
Tuesday about a new variant of the Sober worm that was flooding e-mail servers around the world, with help from
zombie machines infected by earlier editions of the same worm.
Sober.AG is the latest in a long line of mass e-mail worms.
It
appeared Monday, after machines infected with older variants began spamming out the new version in a massive e-mail
flood.
The e-mail messages use a variety of subterfuges to trick
recipients into opening the virus attachment, including messages that pretend to come from the FBI and CIA,
security firms said Tuesday.
E-mail security vendor MessageLabs of
New York City said it blocked more than 2.7 million e-mail messages with the new Sober variant since around 7 p.m.
GMT on Monday in what it called a "major offensive."
Symantec Corp.
rated the worm, which it dubbed "Sober.X," a "Level 3" threat on a scale of one to
five.
The company has received more than 1,600 samples of the worm
from corporations and 300 from consumers, Symantec said in an e-mail statement.
For advice on how to secure your network and applications, as well as the latest security news, visit Ziff
Davis Internet's Security IT Hub.
Sober worms are nothing new, but
the latest variant is much more widely distributed than other recent versions because it is being sent out,
simultaneously, from countless other Sober-infected machines, or "bots," said
Symantec.
The new worm also uses a variety of enticing messages, in
both German and English, to trick users.
Messages that appear to come
from the FBI or CIA tell users that their IP address has been logged on "more than 30 illegal Websites," and asks
them to open an attached file containing a "list of questions."
Opening the file launches the Sober worm and infects the computer, anti-virus vendors
said.
Click here to read more insight about the Sober worm from
columnist Larry Seltzer.
Other e-mail campaigns containing the
Sober.AG worm promise recipients a glimpse of videos of jet-setters Paris Hilton and Nicole Richie if they open the
file, according to an e-mail alert from Computer Associates International Inc.
The FBI issued a statement Tuesday warning the public to avoid falling for the
scam.
Anti-virus vendors advised customers to update their anti-virus
signatures and to be wary of scam e-mail messages. ยด
Check out
eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security
coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.
Tue Nov 22, 2005
Anti-virus and e-mail security companies warned Internet users
Tuesday about a new variant of the Sober worm that was flooding e-mail servers around the world, with help from
zombie machines infected by earlier editions of the same worm.
Sober.AG is the latest in a long line of mass e-mail worms.
It
appeared Monday, after machines infected with older variants began spamming out the new version in a massive e-mail
flood.
The e-mail messages use a variety of subterfuges to trick
recipients into opening the virus attachment, including messages that pretend to come from the FBI and CIA,
security firms said Tuesday.
E-mail security vendor MessageLabs of
New York City said it blocked more than 2.7 million e-mail messages with the new Sober variant since around 7 p.m.
GMT on Monday in what it called a "major offensive."
Symantec Corp.
rated the worm, which it dubbed "Sober.X," a "Level 3" threat on a scale of one to
five.
The company has received more than 1,600 samples of the worm
from corporations and 300 from consumers, Symantec said in an e-mail statement.
For advice on how to secure your network and applications, as well as the latest security news, visit Ziff
Davis Internet's Security IT Hub.
Sober worms are nothing new, but
the latest variant is much more widely distributed than other recent versions because it is being sent out,
simultaneously, from countless other Sober-infected machines, or "bots," said
Symantec.
The new worm also uses a variety of enticing messages, in
both German and English, to trick users.
Messages that appear to come
from the FBI or CIA tell users that their IP address has been logged on "more than 30 illegal Websites," and asks
them to open an attached file containing a "list of questions."
Opening the file launches the Sober worm and infects the computer, anti-virus vendors
said.
Click here to read more insight about the Sober worm from
columnist Larry Seltzer.
Other e-mail campaigns containing the
Sober.AG worm promise recipients a glimpse of videos of jet-setters Paris Hilton and Nicole Richie if they open the
file, according to an e-mail alert from Computer Associates International Inc.
The FBI issued a statement Tuesday warning the public to avoid falling for the
scam.
Anti-virus vendors advised customers to update their anti-virus
signatures and to be wary of scam e-mail messages. ยด
Check out
eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security
coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.