|
| Genotype technology is built into all Sophos products, proactively defending against new
threats. |
Last updated 29 November 2005 with latest
statistics
Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centres, are warning
computer users that the new Sober-Z worm is spreading
at such a rate that it now accounts for over 88% of all viruses
reported to Sophos - making it currently the most widespread
computer virus in the world.
Accounting for a staggering one in 13 of all emails travelling
across the internet, the Sober-Z worm sends itself as an email
attachment and attempts to turn off security software on the user's
computer.
The worm lures innocent computer users into opening its infected
attachments using a variety of tricks that include posing as an FBI
or CIA agent with attached questions to be answered, and a phoney
offer of Paris Hilton and Nicole Richie video clips from 'The
Simple Life'. Instead, in the case of every Sober-Z attachment, the
zip file contains a copy of the worm with the filename
File-packed_dataInfo.exe. The worm then scans the user's
hard drive for other email addresses, in its search for other
computers to infect.
Typical email messages sent by the worm can include, but are not
limited to, the following:
From:
<Harvested address>
Subject:
hi, ive a new mail address
Message text:
hey its me, my old address dont work at time. i dont know why?!
in the last days ive got some mails. i' think thaz your mails but
im not sure! plz read and check ...
cyaaaaaaa
Attachment:
mailtext.zip
or
From:
<Harvested address>
Subject:
Paris_Hilton_&_Nicole_Richie
Message text:
The Simple Life:
View Paris Hilton & Nicole Richie video clips , pictures
& more ;)
Download is free until Jan, 2006!
Please use our Download manager.
Attachment:
downloadm.zip
"The sheer rate at which this worm is spreading proves that the
devious tricks used by the worm's creator are working," said
Graham Cluley,
senior technology consultant at Sophos. "This should be a wake up
call to businesses across the globe as to the major level of threat
that viruses pose to IT security. It's absolutely imperative that
all organisations defend their networks from such attacks with a
consolidated solution."
At 00:00 on 6 January 2006, the worm attempts to download
further code from the internet. If no code is downloaded the Sober
worm is programmed to stop replicating via email.
The author of the Sober worm has now been attacking innocent
computer users for more than two years and Sophos is calling for
anyone with information about the author to report it to the
computer crime authorities.
Sophos customers proactively protected against Sober-Z
worm
Sophos's proactive Genotypeâ„¢ technology was capable of detecting
the Sober-Z worm proactively (naming it as W32/Sober-Gen),
defending customers' computers without requiring an update.
Sophos PureMessage, Sophos's consolidated
email gateway solution which defends businesses against both spam
and viruses, can also block the spam messages sent by the worm.
Sophos strongly recommends companies thwart virus and spam
threats and secure their desktops and servers with automatically
updated anti-virus and anti-spam
protection.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.