|
| Genotype technology is built into all Sophos products, proactively defending against new
threats. |
Last updated 29 November, 11:00 GMT with latest
statistics
Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have warned
internet users of an in-the-wild worm which is pretending to be an
email from an FBI or CIA investigator.
In the last 24 hours, the worm has accounted for over 88% of all
viruses reported to Sophos, making it currently the most prevalent
virus spreading across the world. It has accounted for a staggering
1 in 13 of all emails travelling across the internet. The FBI is so
concerned about the messages that it has issued a warning on its
website.
The W32/Sober-Z
worm arrives as an email attachment, and can use a variety of
different messages, including the following:
Dear Sir/Madam,
We have logged your IP-address on more than 30 illegal
Websites.
Important: Please answer our questions! The list of
questions are attached.
Yours faithfully,
Steven Allison
Federal Bureau of Investigation-FBI-
935 Pennsylvania Avenue, NW , Room 3220
Washington , DC 20535
Phone: (202) 324-30000
Sometimes the emails claim to come from the same investigator,
but at the CIA. Other versions pretend to be video clips from the
Nicole Richie and Paris Hilton TV show "The Simple Life", or relate
to the German version of the quiz show "Who wants to be a
Millionaire".
If the attached file is run, the worm scans the user's hard
drive for other email addresses, in its search for other computers
to infect.
"This variant of the Sober worm may catch out the unwary as they
open their email inbox this morning," said Graham Cluley, senior
technology consultant at Sophos. "Every law-abiding citizen wants
to help the police with their enquiries, and some will panic that
they might be being falsely accused of visiting illegal websites
and want click on the unsolicited email attachment. All users
should be reminded to follow safe computing guidelines, and PCs
should be kept automatically updated with the latest anti-virus
protection."
In a statement, the FBI has urged users who receive the viral
emails to report them to the Internet Crime Complaint Center at
www.ic3.gov.
"Anyone who may have information about the Sober worm's author
should report it to the computer crime authorities," continued
Cluley. "This malware writer has been maliciously attacking
innocent computer users for over two years, and must be
stopped."
Sophos customers proactively protected against Sober-Z
worm
Sophos's proactive Genotypeâ„¢ technology was capable of detecting
the Sober-Z worm proactively (naming it as W32/Sober-Gen),
defending customers' computers without requiring an update.
Sophos PureMessage, Sophos's consolidated
email gateway solution which defends businesses against both spam
and viruses, can also block the spam messages sent by the worm.
Sophos recommends companies protect their email with a consolidated solution to thwart the virus and spam
threats and secure their desktops and servers with automatically
updated anti-virus protection.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.