Comments on: Sober storms charts as month's biggest attack

At its peak, the latest variant of the worm accounted for one out of every 13 e-mails sent, expert says.

Proactive virus defense is needed
by tenaciousJk December 1, 2005 10:38 AM PST: Making the pre-holiday Sober outbreak even more lethal is the increasingly common tactic whereby virus writers release several variants of the same virus in quick succession to one another. This ?rapid release storm? strategy makes traditional antivirus even less effective since virus signature databases must be created, updated, and downloaded by end users with each new variant. At least four variants of Sober were spreading quickly via email across the internet on November 14th. The combination of the virus being an effective mass mailer, being well designed from a social engineering perspective, and the fact that the writer used rapid release storm tactics, allowed this virus to really own the internet for about 48 hours, depending on who you use for antivirus.

I work for GatewayDefender, an anti-spam/anti-virus managed service company. We're seeing McAfee, Symantec and others drop the ball here.
We estimate, based on fallout metrics here at GatewayDefender, that this Sober outbreak took a lot of individuals and companies by surprise and that traditional AV simply didn?t get the job done as well as it used to.

Look for these coordinated "rapid release storms" and zero-day exploits to become the norm.

--jmw

http://www.gatewaydefender.com; Like this Reply to this comment

well at least you can see that one coming!
by heystoopid December 1, 2005 12:47 PM PST: Well at least with emails, you can see them coming, not like the sneaky underhanded left field under the horizon rootkit, complete with the hidden from view files, that stole system resouurces, that came free with legitimate SONY BMG audio discs! With 568,200 plus infections, that's one mighty security trojan nightmare, for everyone!; Like this Reply to this comment

Sober worm
by stormy47 December 2, 2005 8:16 AM PST: Thanks to eartlink They caught the Paris Hilton in my e-mail and did not send it to me Kudos to Earthlink!; Like this Reply to this comment

Somber storms
by cyberjett2 December 6, 2005 11:43 PM PST: In my opinion, internet email users need to become more proactive in how email is handled. My parent's always told us "to never open the door to strangers". Same scenario here, users are so naive, we see something that appears legitimate and suspicious at the same time. So what does one do? We become curious(hellooo) and we all know what's said about being 'curious'. Internet users need to be more sensitive, and pay more attention (instead of $$$ to rid the virus). By now, one would think that we'd learnt something about virus. It's the same-o same-o scenario, do not run and open email attachments (the door). Wouldn't have all these internet attacks. I don't give the person or persons credit for initiating the virus, it's the individuals who gladly open the internet email attachments that carry out the attackers ploy. That's my opinion... Thanks for you time...; Like this Reply to this comment

Sober buster ahead?
by Roberto Morales M. December 10, 2005 10:08 PM PST: For what is worth, NORTON has been doing fine. All Sober spams have been cleaned. Yet, during the last recent days, they have eaten-up about an average of 65% of my incoming e-mail. Perhaps Web Servers can put a firewall/filter and give us a break.; Like this Reply to this comment