E-mail security companies are warning of a new variant of the Sober worm that is rapidly spreading worldwide, disguised as a message from the FBI.
Earlier this week, the FBI warned internet users to be on the lookout for the worm, which is attached to a message claiming to be from the Bureau. The e-mail warns users that their internet use has been monitored by the organisation and that they have visited illegal websites.
The e-mail asks them to fill in a “questionnaire” that is attached to the e-mail, but, when clicked, the attachment unleashes a variant of the Sober worm, which first appeared in 2003.
The worm tries to turn off the PC’s security settings, is able to steal information for remote hackers, and replicates itself via the infected user’s e-mail address book. By rapidly replicating, the worm has the capability to crash networks.
MessageLabs, a provider of managed e-mail security services to businesses worldwide, says it has already intercepted more than 2.7m copies of the Sober variant, with some copies also hidden in spoofed CIA e-mails.
MessageLabs said, “The size of the attack indicates that this is a major offensive, certainly one of the largest in the last few months.”
Another managed e-mail company confirmed the widespread infection rates. Email Systems said, “Since the virus first struck at around 7pm this Monday, the number of viruses being sent per hour has approximately tripled.”
Email Systems said this indicates that the worm has been written to rapidly exploit the so-called “zero hour” holes in anti-virus security software – the time before anti-virus software writers have prepared and distributed an update to repair infected PCs.
The company said that currently there are around 30 times the usual quantity of virus-infected e-mails being sent and received.
Neil Hammerton, chief executive officer of Email Systems, said, “Although anti-virus updates are actually now available from the major software vendors, it seems as though this particular variant managed to quickly grab a sufficiently large foothold to continue to propagate once the fixes were unveiled.”