The worm's ability to cloak itself means that anti-virus programs must have the means to detect Sober running in memory, then kill those processes. But some of these applications either lack a memory scanner or have a scanner with limited functionality.
One reason the Sober.p worm continues to spread is the way it hides from some anti-virus scanners, a Russian security firm said Wednesday.
Sober.p--also called Sober.s, Sober.o, and Sober.v by various anti-virus companies--includes a mechanism that prevents other programs from accessing its files, said Moscow-based Kaspersky Labs. That presents problems for some anti-virus software.
The tactic has been seen in previous Sobers, said Kaspersky, but it's been refined so that no applications, not even those running under a SYSTEM account, can access the worm's files.
"If something can't be scanned, then malicious code can't be detected," Kaspersky said in an online alert. "This rules out the chance of Sober being detected while running an on-demand scan."
Instead, the anti-virus software must have the means to detect Sober running in memory, then kill those processes.
"This is where some anti-virus programs are failing," added Kaspersky. "Either they don't have a memory scanner, or the scanner has limited functionality which isn't able to kill the processes."
Several anti-virus vendors have posted free detection and deletion tools, however, that are able to see through Sober's cloak of invisibility. Panda Software, for instance, offers QuickRemover.
Microsoft's Windows Malicious Software Removal Tool, which was updated Tuesday as part of the regular monthly security bulletin release, also sniffs out Sober.p.