Feeling Sober
An eighteen-month-long e-mail worm hangover
Saturday, May 07, 2005
By: Brian Ashe
The latest e-mail-borne virus to clog up our in-boxes is actually an old favorite that just never seems to go away. The latest incarnation of the Sober virus (Sober.P), released last week, is still going strong and even growing. Most anti-virus firms originally labeled it only a moderate threat, but it has proven to be a bit more capable than that.
The first version of Sober came out in October of 2003 and spread like wildfire across the Internet. Since then there have been thirteen more versions, each with varying penetration into our computing experience.
This version takes a peek into not only your Windows Address Book (WAB), but also scours through spreadsheets, text documents, your browser's page cache and many other places on your hard drive to find some new victims. It also makes tracking down its source more of a headache by doing a cleaner job of "mixing and matching" names and domains, so that its messages more closely simulate genuine e-mails and entice you into opening the attached zip file. It also employs an anonymous re-mailer to obscure the source of infection.
It was seeded out into the ether by a large spam mailing and was released in coordination with the second round of ticket sales for the World Cup of soccer in Germany. It has two versions of itself, one being in German and another in English.
This virus affects only Microsoft Windows PCs. It is recommended (as always) not to open unexpected attachments (even from friends or family) and to make sure to update your anti-virus definitions.