


by Paul Kerstein

Sober Worm Variant on the Rise

Nov 28, 2005

The latest variant of the Sober worm is aiming for the top virus of the year spot, with a staggering one in 14 e-mails circulated on the Internet containing it as of Monday morning, according to the antivirus vendor Sophos PLC.

Around 85 percent of all viruses reported to Sophos are what the company calls Sober-Z, up from around 60 percent last week, said Graham Cluley, senior technology consultant. Right now, Sober-Z ranks as the third most prevalent virus for the year, behind Netsky-P in first and Zafi-D as No. 2, he said.

“It isn’t slowing down,” Cluley said. “At the moment, it’s getting worse.”

It first appeared around Nov. 22 using several forms of social engineering to trick users into executing the attachment. Messages purporting to be from the U.S. Federal Bureau of Investigation warn recipients that they have been visiting illegal Web sites and ask them to read a list of attached questions.

Other versions pretend to be from the U.S. Central Intelligence Agency or offer video clips of Paris Hilton and Nicole Richie from the TV show “The Simple Life.” While most antivirus vendors have updates that can remove the worm, the “clever” social engineering ploys are still effective, Cluley said.

“I think the problem is there are some people who simply don’t have protected computers and are spewing this out to other people,” he said.

The worm, which is believed to have originated in Germany, scans hard drives for e-mail addresses and also tries to shut off security software, according to Sophos.

By Jeremy Kirk – IDG News Service (London Bureau)