Sober to strike again this week

By on

The first worm epidemic of the new year - the latest variant of the Sober worm - is poised to strike at the end of this workweek, security experts have warned.

Firms have warned that the malware was designed to connect to numerous services between this Thursday and Friday, coinciding with the anniversary of the formation of German Nazi Party.

In June 2004, an earlier variant of Sober sent emails to thousands of users reading, "What Germany needs is German children" or other racist messages. That attack was related to elections in the German parliament.

Ken Dunham, senior engineer for iDefense, said it was key for companies to educate themselves about the virus quickly.

"Some people are getting very good at creating these emails," he said. "It's becoming very difficult to realize what is real and what isn't real. Companies should be ready for the potential threat and should know what's coming on Jan. 6."

The Sober family appears to be authored by a German speaker or group of German speakers and is comprised by nearly 30 variants dating back to October 2003. Infected emails propagate as attachments with a social engineering component, enticing readers to open malicious files with messages using information on current events. Sober is also a bi-lingual worm, sending German-language messages to German email addresses, and English-language messages to other addresses.

Andrew Lochart, senior director of marketing for Postini, said Sober "continues to be far and away the No. 1 virus we're collecting. There are a lot of copies of this floating around."

"The good news is that this has been out there a month. So you do have to make sure you have downloaded your updates," he said.

Andy Greenawalt, chief technology officer for Perimeter Internetworking, said Tuesday that his company has so far been successful in keeping clients protected from the virus, which may connect to services on one of a number of dates in the next few weeks.

"We open (email) before they do," he said. "We open the zip files and examine the content."

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?