Sober-C to make January's top ten virus chart

Posted on 23 Dec 2003 at 15:10

Barely three days since discovery, the C variant of the Sober virus is already set to make it into Sophos's top ten virus chart for January.

Sober-C, first reported on Friday, is a new variant of the Sober worm that is geographically aware - or at least domain aware - and will send English language versions of itself to .co.uk addresses and German versions to .de addresses.

But three days in to the virus spread, Carole Theriault, security consultant at Sophos, said that the numbers of reports of the Sober-C virus still 'were climbing very steadily'. 'It will be in the top ten for January,' she predicted.

'People tend to be less security minded over Christmas,' she warned. And this presents a serious threat with worms such as Sober-C, because of the chameleon-like nature of the virus, with its ability to employ a variety of subject lines and use different languages. 'These ones are more like Klez,' said Theriault, 'Some users without antivirus protection still think they'll be able to spot viruses, but having huge amounts of subject lines confuses people. They don't know what to look out for.'

Sober-C doesn't just spread through email, but also via peer to peer networks, such as KaZaA, by replacing files in the Shared folder with copies of itself, but retaining the same filenames.

Users should make sure their AV products are up to date. Sophos has more information and instructions for removing the worm at its website.