TELECOM Digest OnLine - Sorted: Zombies Boost New Sober Variant

Zombies Boost New Sober Variant

Paul F. Roberts (eWeek@telecom-digest.org)
Wed, 23 Nov 2005 12:42:34 -0600

Review Index Sorted By: [ date ][ thread ][ subject ][ author ]
Next message: Associated Press News Wire: "Bogus Emails Contain New Sober Worm"
Previous message: sethb@panix.com: "Re: Spyware Maker Sues Detection Firm"
TELECOM Digest: Home Page

Paul F. Roberts - eWEEKTue Nov 22, 1:23 PM ET

Anti-virus and e-mail security companies warned Internet users Tuesday
about a new variant of the Sober worm that was flooding e-mail servers
around the world, with help from zombie machines infected by earlier
editions of the same worm.

Sober.AG is the latest in a long line of mass e-mail worms.

It appeared Monday, after machines infected with older variants began
spamming out the new version in a massive e-mail flood.

The e-mail messages use a variety of subterfuges to trick recipients
into opening the virus attachment, including messages that pretend to
come from the FBI and CIA, security firms said Tuesday.

E-mail security vendor MessageLabs of New York City said it blocked
more than 2.7 million e-mail messages with the new Sober variant since
around 7 p.m. GMT on Monday in what it called a "major offensive."

Symantec Corp. rated the worm, which it dubbed "Sober.X," a "Level 3"
threat on a scale of one to five.

The company has received more than 1,600 samples of the worm from
corporations and 300 from consumers, Symantec said in an e-mail
statement.

For advice on how to secure your network and applications, as well as
the latest security news, visit Ziff Davis Internet's Security IT Hub.

Sober worms are nothing new, but the latest variant is much more
widely distributed than other recent versions because it is being sent
out, simultaneously, from countless other Sober-infected machines, or
"bots," said Symantec.

The new worm also uses a variety of enticing messages, in both German
and English, to trick users.

Messages that appear to come from the FBI or CIA tell users that their
IP address has been logged on "more than 30 illegal Websites," and
asks them to open an attached file containing a "list of questions."

Opening the file launches the Sober worm and infects the computer,
anti-virus vendors said.

Other e-mail campaigns containing the Sober.AG worm promise recipients
a glimpse of videos of jet-setters Paris Hilton and Nicole Richie if
they open the file, according to an e-mail alert from Computer
Associates International Inc.

The FBI issued a statement Tuesday warning the public to avoid falling
for the scam.

Anti-virus vendors advised customers to update their anti-virus
signatures and to be wary of scam e-mail messages.

Check out eWEEK.com's Security Center for the latest security news,
reviews and analysis. And for insights on security coverage around the
Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's
Weblog.

Copyright 2005 Ziff Davis Inc.

Content originally published in Ziff Davis Media publications is the
copyrighted property of Ziff Davis Media.

NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily.

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Associated Press News Wire: "Bogus Emails Contain New Sober Worm"
Go to Previous message: sethb@panix.com: "Re: Spyware Maker Sues Detection Firm"

TELECOM Digest: Home Page

Post Followup Article	Use your browser's quoting feature to quote article into reply
Go to Next message: Associated Press News Wire: "Bogus Emails Contain New Sober Worm"
Go to Previous message: sethb@panix.com: "Re: Spyware Maker Sues Detection Firm"
TELECOM Digest: Home Page