Newest Sober Variant: Biggest Worm Attack Of The Year

By one vendor's measure, Sober is accounting for one in every eight e-mails.

"It's no surprise that we have seen yet another variant of the Sober worm, as this worm propagates via port 25 SMTP traffic," said Scott Chasin, chief technology officer at MX Logic, in a statement. "As long as this port remains open, we'll continue to see mass-mailing worms such as this latest Sober."

Chasin called for Internet service providers (ISPs) to block port 25 to prevent outbound malicious mail such as Sober.

One security firm, the U.K.-based Sophos, has tagged the new Sober with its highest-possible threat label, while others, including Symantec and McAfee, have dubbed it a "medium" threat.

Symantec issued an additional alert to customers of its DeepSight Threat Management System, warning of a large spike in incoming malicious attachments due to the widespread Sober. The alert also recommended that enterprise administrators take action.

"Ensure that all virus scanners are running with fully updated definitions," the alert advised. "Filtering out ZIP-compressed archives at the network perimeter might also be advisable, although it should be noted that delivery of legitimate content will, most likely, be adversely affected by this measure."

Sober's payload arrives in an attached .zip file.

As for the rationale behind the biggest attack of the year, analysts are in agreement: it's an attempt by criminals to acquire compromised computers that can be "rented" out to spammers or other hackers.

"I'd be surprised if [the attackers] weren't using the infected systems to add to their bot networks," said Alfred Huger, senior director of engineering for Symantec's security response team. "What they use those bots for, unfortunately, is anyone's guess."
