Comments on: Clock's ticking on new Sober onslaught

Mass-mailing worm is programmed to download new instructions in January, which could indicate a new outbreak.

Sober worm again
by PeterGooch December 7, 2005 10:33 PM PST
I generate a number of EMail newsletters daily, and in my opinion, the Sober attacks are already starting. Generally they take the form of EMail allegedly from the FBI, CIA or some other organization stating that I have visited illegal websites and must fill in the form. Open the attachment and Bang. These EMails generally come two, three or sometimes six at a time - in other words under one heading. Anybody else had the same thing?
Yup
by orphu December 8, 2005 6:21 AM PST
Been hit plenty hard but fortunately most are caught by our spam filter. Even had a user open the attachment AFTER we broadcast a message describing the e-mail and instructing users to immediately delete without opening.

However, if you re-read the article you'll notice that the first wave is a 'set-up'. Machines infected and not cleaned by the set-up will start misbehaving on 1/5/06.
Proactive Virus Defense is Needed (repost)
by tenaciousJk December 8, 2005 8:14 AM PST
This is a repost of comments I made on a similar article 12/1: (http://news.com.com/2100-7349-5977650.html)

Making the pre-holiday Sober outbreak even more lethal is the increasingly common tactic whereby virus writers release several variants of the same virus in quick succession to one another. This "rapid release storm" strategy makes traditional antivirus even less effective since virus signature databases must be created, updated, and downloaded by end users with each new variant. At least four variants of Sober were spreading quickly via email across the internet on November 14th. The combination of the virus being an effective mass mailer, being well designed from a social engineering perspective, and the fact that the writer used rapid release storm tactics, allowed this virus to really own the internet for about 48 hours, depending on who you use for antivirus.

I work for GatewayDefender, an anti-spam/anti-virus managed service company. We're seeing McAfee, Symantec and others drop the ball here. We estimate, based on fallout metrics here at GatewayDefender, that this Sober outbreak took a lot of individuals and companies by surprise and that traditional AV simply didn't get the job done as well as it used to.

Look for these coordinated "rapid release storms" and zero-day exploits to become the norm.

--jmw
http://www.gatewaydefender.com