The Latest and the Biggest Worm Attack of the Year—Sober
November 23, 2005
The Sober worm outbreak that began this Tuesday is probably the world’s largest mass mailed malware attack of the year 2005. The newest member of the Sober worm clan called Sober.x, Sober.y, and Sober.z by various anti-virus vendors -- began spreading Monday and quickly gained momentum by Tuesday.
Many of the messages arrive with fake From: addresses of the FBI, CIA, and overseas police agencies such as Germany's Bundeskriminalamt, for example, to trick users into opening the attachment. Others pose as video clips of pseudo-celebrities such as Paris Hilton and Nicole Richie.
Like other Sober variants this worm too spreads using its own SMTP engine to send copies of itself to the addresses it hijacks from the other compromised computers. One security firm, the U.K.-based Sophos, has tagged the new Sober with its highest-possible threat label, while others, including Symantec and McAfee, have dubbed it a "medium" threat.
Symantec issued an additional warning to customers of its DeepSight Threat Management System to warn them of a large spike in incoming malicious attachments due to the widespread Sober. The alert also recommended that enterprise administrators take action. "Ensure that all virus scanners are running with fully updated definitions," the alert advised. "Filtering out ZIP-compressed archives at the network perimeter might also be advisable, although it should be noted that delivery of legitimate content will, most likely, be adversely affected by this measure."
Sober's payload arrives in an attached .zip file.
As for the rationale behind the biggest attack of the year, analysts are in agreement: it's an attempt by criminals to acquire compromised computers that can be "rented" out to spammers or other hackers.
Source: TechWeb
|
News
