Security news
Security news23 November 2004
New Sober-I worm dominates virus reports as it continues to cause headaches, says Sophos
 |
The W32/Sober-I worm, which was discovered on Friday, has continued to cause problems for unprotected computer users in the days since. Experts at Sophos report that the virus is currently accounting for 55% of all virus reports at Sophos's global network of monitoring stations.
"Sober-I is the biggest new virus we have seen for some time. There is a danger that users have become complacent because the virus scene has been relatively quiet recently - this may have contributed to Sober's success," said Graham Cluley, senior technology consultant for Sophos. "Clearly too many people have still not put in place a system of automatic anti-virus updates, or a policy of blocking dangerous attachments at the email gateway. Businesses are waking up to the need for this high level of protection, but are still being bombarded by viral emails - possibly from infected home users."
The Sober-I worm sends itself to email addresses harvested from an infected computer. It uses a variety of subject lines, message bodies and file attachment names in either English or German, including the following:
Subject: Oh God
Text: I was surprised, too! Who_could_suspect_something_like_that? shityiiiii
Attachment: im_shock.zip
Subject: Delivery_failure_notice
Text: This mail was generated automatically. More info about --<random name>-- under: http://www.<random URL>
Attachment: mail_147.zip
"Unprotected computer users, who return to their email inbox after the long weekend, should be careful not to launch unsolicited attachments which could spawn more copies of the worm," continued Cluley.
Sophos recommends companies protect their email with a consolidated solution to thwart the virus and spam threats and secure their desktops and servers with automatically updated anti-virus protection.
Do you know how many employees are running virtualisation software on their PCs?
