A German federal office has claimed victory over Sober.p, but industry experts are advising caution.
The Federal Office for Security and Information Technology (BSI) claimed that, by taking down the websites it expected the worm to mine for viruses or other information, it had successfully averted the virus threat.
“Nothing has happened so far today,” said Michael Dickopf, a spokesman at the BSI, talking to German ex-pat magazine Expatica. “Our defensive actions appear to have worked.”
Antivirus firms analysing Sober.p discovered it was likely to stop spreading and start searching websites for code on 23 May.
Yesterday there was little action, prompting the BSI’s victory claim, but past experience has made some experts more wary.
“The original Sober.p, the one that offered World Cup tickets, had a reactivation code set for 27 April – then didn’t actually launch Sober.q (the one sending German propaganda spam) until 14 May,” said Dmitri Alperovitch, research engineer at CipherTrust. “Even though Sober.q has a reactivation feature set for 23 May, it may or may not happen.”
Sober.p is the latest in a long line of sophisticated threats that make it harder for companies and users to protect themselves.
“We’ve certainly seen trends towards more organised, evolving virus threats. Worms are now better hidden within infected hosts, using more sophisticated stealthing techniques and have a number of different malevolent functions,” said detective constable Robert Burls of the Metropolitan Police Computer Crime Unit. “Look at the recent Bagle.as variant, that could disable some antivirus processes.”
In May, SC reported that the World Cup Sober worm, which propagates itself on the back of emails pretending to offer free FIFA World Cup tickets, had spread very rapidly and was infecting scores of computers globally.