The long-running IT security hangover caused by the Sober worm has finally come to an end, newly published threat monitoring data claimed today. According to the latest monthly malware report from Fortinet, the worm's activity "spectacularly dropped" on Jan. 6, as it made the transition from its spreading phase to an update phase.
"It's worth mentioning that after a careful analysis of the code, it is not going to go back to a spreading phase, ever" says Guillaume Lovet, threat response team leader at Fortinet.
However, he went on to warn: "The worm's authors - who have extensively proved that they were able to produce tremendously large outbreaks in the past - could very well seed new variants of the infamous 'propaganda' worm."
The study also found that, during last month, the biggest threat came from the rise of the Grew (aka Kama Sutra, Nyxem, MyWife and Kasper), which appeared on Jan. 16. Within two days, this virulent worm reached its highest peak of activity.
According to Fortinet's Lovet, the newly discovered Kama Sutra worm is an old-fashioned threat that looks like a legacy from the early days, when virus authors would write malware for "fun or glory," and not for making money.
"Within several days, Grew indeed infected hundreds of thousands of computer systems all over the world. Its payload is not set to spy on the infected users. It does not embed a bot, a proxy or a backdoor, nor does it display ads. Instead, it is set to damage files with the specific extensions on the infected computer, on the 3rd of every month" Lovet said.
Lovet went on to speculate why the only two large outbreaks in recent months have been caused by worms (Sober and Grew) that are not designed to generate profit: "This is consistent with our thought that cybercriminals willing to make money adopt a 'low-profile' attitude, and try to make as little fuss as possible."
"The fact various bot herders and phishers were arrested lately clearly indicates that high financial damage and/or large media coverage almost always lead you straight to courts," he added.