May 9, 2005 8:54 AM PDT

Sober worm hits new heights

The Sober.P worm is circulating the Internet in greater quantities than ever, according to antivirus company Sophos.

Sophos says the mass-mailing worm accounted for 5.4 percent of all e-mail the company saw over the weekend and 84 percent of virus activity. That represents an increase compared with Friday, when Sophos said the worm accounted for 4.65 percent of all e-mail and 77 percent of virus activity.

"The strange thing is that we're actually seeing more reports than ever," said Graham Cluley, senior technology consultant at Sophos. "It's increased, and it's even worse than last week. We don't know how many people are infected, but those infected are just spewing these e-mails out."

Cluley said the second most prevalent e-mail threat, the Netsky.P virus, accounted for 0.3 percent of all such threats, and the Zafi.D worm, the third most common, accounted for just 0.08 percent. "Those have been big viruses but have been dwarfed by the Sober worm," he said.

Last week, Sophos said the worm turned off Symantec's antivirus protection and Microsoft's Windows XP firewall on infected machines.

Sober.P--which security companies have variously tagged as Sober.N, Sober.O and Sober.S--travels as an attachment in e-mails written in English and German. One of the most widely reported e-mails contains an alluring message stating that the recipient has won free tickets to the 2006 World Cup in Germany, but many other types have also been spotted. Once opened, the virus sends itself to e-mail addresses harvested from the newly infected machine.

Dan Ilett of ZDNet UK reported from London.


What good is MS security
What good is Microsoft's firewall if it is turned off so easily? Will Microsoft ever be serious about security? I know the user is to blame too.... but Microsoft's competitors don't have this problem...and it has little to do with "security through obscurity"...they are just more secure.
Posted by 198775425444042216790779840523 (102 comments )
Don't run as Administrator
The problem is that too many users run with full administrative privileges. Partially it's because many software vendors (for example, ICQ) don't follow design guidelines, making their software unusable for users with limited privileges.

If you are logged on as a limited user, neither you nor software you may unknowingly launch can change any vital system settings or install software. Malware won't be able to get a hold.
Posted by alegr (1590 comments )
Sober Worm - not infected but a victim
I do not have the Sober virus on my computer but am getting 25 emails per hour from someone who has the sober virus on their system. How can I end this bombardment of emails? How can I identify who is sending them to me to get them to disinfect their system?
Posted by amorris--2008 (2 comments )
You can't
The EMail addresses are almost always wrong.
Posted by Andrew J Glina (1673 comments )
A possibility....
Sometimes you can view the full email headers and follow the path through the "Received:" headers. This may give you a clue as to the ISP of the computer involved, which, if it's someone you know, could lead to who it is. But it's not necessarily someone you know...just someone who has your email address for whatever reason.
Posted by cbiltcliffe (20 comments )
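The "Received:" header walk described in the comment above, as an added example that is not part of the original article or any commenter's post. The message, hostnames and IP addresses are constructed, and `trace_hops`, `handoff_hop` and the trusted suffix `.mail.example.net` are hypothetical names standing in for your own mail provider.

```python
import re
from email import message_from_string

# Constructed sample: reserved example domains and documentation IP ranges
# (RFC 5737). Newest hop is at the top, as in a real message.
RAW = """\
Received: from mx1.mail.example.net (mx1.mail.example.net [192.0.2.10])
\tby store.mail.example.net with ESMTP id A1; Mon, 9 May 2005 08:01:07 -0700
Received: from pc-17 (dsl-203-0-113-45.isp.example.org [203.0.113.45])
\tby mx1.mail.example.net with SMTP id B2; Mon, 9 May 2005 08:01:05 -0700
Received: from mail.bank.example.com ([198.51.100.7])
\tby pc-17 with SMTP; Mon, 9 May 2005 07:59:00 -0700
From: "Admin" <someone@example.com>
Subject: Your tickets

body
"""

# "from <claimed name> (<reverse DNS> [<connecting IP>]) ... by <receiving host>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)"
    r"(?:\s+\((?P<rdns>[^\s\[\]()]+)?\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\))?"
    r".*?\bby\s+(?P<by>\S+)",
    re.DOTALL,
)

def trace_hops(raw):
    """Return one dict per Received: header, newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append(m.groupdict())
    return hops

def handoff_hop(raw, trusted_suffix):
    """Deepest hop stamped by a server we trust (assumed suffix match).

    Headers below it were supplied by the sending side and may be forged,
    so its bracketed IP is the last address worth reporting to an ISP.
    """
    trusted = None
    for hop in trace_hops(raw):
        if not hop["by"].lower().endswith(trusted_suffix):
            break
        trusted = hop
    return trusted
```

For the sample, `handoff_hop(RAW, ".mail.example.net")` reports 203.0.113.45, the address that connected to the provider's server; the bottom header and the From: line are sender-supplied. A forged header that names your provider in its "by" field would extend the walk, so compare against the provider's actual server names.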
