Sober variant causes new security hangover
Posted on 24 Nov 2005 at 16:27
The latest virus epidemic continues apace, with F-Secure raising its threat-level to one, and Sophos reporting that more than 5 per cent of email traffic is infected by the latest variant of the Sober worm.
Sophos' numbers have actually risen from the count it gave for the worm in the first few hours after it was seeded, which was already a figure of more than one per cent.
The worm arrives in a variety of guises, purporting to have attached pictures of Paris Hilton and Nicole Richie, or claiming to have been sent by the FBI, CIA or German authorities, with evidence of its monitoring the recipient's Internet activities in the attachment.
What's confounding about this worm is that many predicted the age of mass epidemics was past and that virus writers were now concentrating on the financial rewards associated with extortion through DoS attacks, fraud through phishing campaigns and the like.
But the new versions of Sober don't appear to have any payload other than to spread themselves. Even more flummoxing is that by all accounts the author has already attracted enough attention from the authorities, with the German police having accurately predicted the launch of another Sober variant last week. So impersonating the German police, the FBI and the CIA in the most high-profile and widespread virus epidemic seems at the very least foolhardy.
Yet despite the media coverage the figures keep rising. Finnish security company F-Secure yesterday raised the threat category for Sober to Radar level one - its highest.
This too is odd. Customers of both F-Secure and Sophos were already protected. Virus signatures they had already issued to their customers would detect the worm and block it out. The same goes for McAfee. As it does for ZoneAlarm.
F-Secure's Mikko Hyppönen thinks that the problem might be viruses actually deleting antivirus products from computers they infect. 'There still are computers that are rarely updated - or which have been protected by an antivirus, but which at some stage got hit with a virus that removes the antivirus from the system for good. Most of the really widespread viruses have this as a standard feature nowadays ... viruses like Mytob, Bagle and Mydoom.'
So security on the desktop may no longer be just about checking you're up to date with your antivirus software; it's also about checking your antivirus software is still there.
Author: Matt Whipp
Printed from www.pcpro.co.uk

