January 6, 2006 12:11 PM PST
All quiet on the Sober front
Computers that were compromised by a variant of the Sober worm in November had the potential to download malicious code from certain Web sites and then launch a new wave of viruses on Jan. 6.
F-Secure confirmed on Friday that it has not seen any evidence of an attack.
"It's great! This is good news," Mikko Hypponen, chief research officer at the Finnish security company, said Friday. "We've been monitoring the locations of the files that infected machines are now trying to download. So far none of them have activated."
MessageLabs also confirmed that it had seen no successful attack.
"We've not seen anything. This is what we envisioned would happen. Everyone knew about (it), and took steps to mitigate the effects. The virus writer is probably running scared. It's great--everybody in the antivirus community helped each other out," said Mark Toshack, manager of antivirus operations at the hosted e-mail and Web security specialist. Toshack suggested it would be good for the security industry to approach other malicious software threats in the same way.
F-Secure warned that now was not the time to be complacent, as the hacker could still try to activate the download routine.
"The Sober guy laid low, but he might publish a little later. We've seen secondary download routines with other variants uploaded by the writer when he's ready, so perhaps he's still writing it," he said. "It doesn't necessarily mean he won't activate the threat in the future."
Tom Espiner of ZDNet UK reported from London.