Content

Don’t declare victory over Sober yet

Although the latest variant of the Sober worm has so far been all bark and no bite, some security experts have warned PC users that the bilingual virus' threat isn't over yet.

The virus' download phase was to start globally at midnight Friday - 7 p.m. EST - but it had, so far, not activated.

Scott Chasin, chief technology officer at MX Logic, cautioned, "We are not out of the woods yet."

"Just because we did not see anything on Jan. 6 does not mean that we won't see the thousands of Sober.Z infected PCs leveraged in the future to initiate a spam attack or denial of service attack," he said. "The Sober worm has been very successful and very prolific, and I don't believe we have seen the last of it."

In June 2004, an earlier variant of Sober sent emails to thousands of users reading, "What Germany needs is German children" or other racist messages. That attack was related to elections in the country's parliament.

The Sober family appears to be authored by a German speaker or group of German speakers and is comprised by nearly 30 variants dating back to October 2003. Infected emails propagate as attachments with a social engineering component, enticing readers to open malicious files with messages using information on current events. Sober is also a bi-lingual worm, sending German-language messages to German email addresses, and English-language messages to other addresses.

F-Secure said Monday that Sober.y, which had been the firm's most tracked virus since November, had disappeared from its rankings. However, thousands of PCs remained infected with the virus, the firm said.

"There still are at least tens of thousands of infected machines out there. They just aren't spreading the virus further: they're just tying to download and run a mystery file – which isn't there to be downloaded," Mikko Hypponen, F-Secure director, said on the firm's website.

The U.S. Computer Emergency Readiness Team warned PC users about Sober's automatic update capabilities.

The organization advised users to keep up to date on OS patches and antivirus software, ignore unsolicited links and to refer to Microsoft and U.S.-CERT advisories for additional information.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.