E-mail security companies are warning of a new variant
of the Sober worm that is rapidly spreading worldwide, disguised as
a message from the FBI.
Earlier this week, the FBI warned internet users to be on the
lookout for the worm, which is attached to a message claiming to be
from the Bureau. The e-mail warns users that their internet use has
been monitored by the organisation and that they have visited
illegal websites.
The e-mail asks them to fill in a “questionnaire” that is
attached to the e-mail, but, when clicked, the attachment unleashes
a variant of the Sober worm, which first appeared in 2003.
The worm tries to turn off the PC’s security settings, is able
to steal information for remote hackers, and replicates itself via
the infected user’s e-mail address book. By rapidly replicating,
the worm has the capability to crash networks.
MessageLabs, a provider of managed e-mail security services to
businesses worldwide, says it has already intercepted more than
2.7m copies of the Sober variant, with some copies also hidden in
spoofed CIA e-mails.
MessageLabs said, “The size of the attack indicates that this is
a major offensive, certainly one of the largest in the last few
months.”
Another managed e-mail company confirmed the widespread infection
rates. Email Systems said, “Since the virus first struck at around
7pm this Monday, the number of viruses being sent per hour has
approximately tripled.”
Email Systems said this indicates that the worm has been written
to rapidly exploit the so-called “zero hour” holes in anti-virus
security software – the time before anti-virus software writers
have prepared and distributed an update to repair infected PCs.
The company said that currently there are around 30 times the
usual quantity of virus-infected e-mails being sent and
received.
Neil Hammerton, chief executive officer of Email Systems, said,
“Although anti-virus updates are actually now available from the
major software vendors, it seems as though this particular variant
managed to quickly grab a sufficiently large foothold to continue
to propagate once the fixes were unveiled.”