New email virus unleashed
by di-ve news


Tuesday, 03 May, 2005

A new email bourne virus was unleashed, making the round of email servers worldwide. Malta has not been spared, and mail server systems started intercepting emails infected with this new virus on Monday night. This new virus, is known as 'Sober' or more technically, "W32/Sober.p@MM" and "W32.Sober.O@mm".

This massive influx of virus infected emails is affecting mail server delivery times the world over, and delays in receiving emails are being felt by Internet users.

This 'Sober' virus is a mass-mailing worm that sends itself as an email attachment to addresses gathered from the compromised PC's email address book. The email may be in either English or German, and contains an attachment.

The technical team at maltaNET took immediate action on maltaNET's and di-ve.com's email servers so as to prevent customers from receiving these email viruses. The team managed to block the distribution to maltaNET customers within a couple of hours.

We would like to remind Internet users to update their anti-virus software and to make sure the most recent update is downloaded. Moreover, email attachments should be opened with care, and if there is a suspicion that an email is not genuine, it should not be opened.

Further information about the virus can be found on:
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=133409

http://www.di-ve.com/dive/portal/portal.jhtml?id=181911&pid=1
--------------------------------------------------------------------------
Be on the lookout!

http://www.pcpro.co.uk/news/72377/new-sober-worm-causes-havoc-with-promises-of-world-cup-tickets.html

New Sober worm causes havoc with promises of World Cup tickets 5:45PM
The latest variant of the Sober worm is causing havoc across Europe according to security experts.
Moscow-based Kasperky Labs says the worm is the most common malicious file in circulation and has already broken European records for numbers and speed of propagation, since its 2 May discovery.

The UK's Sophos says four in five virus reports are due to this Sober variant and infected mail is taking up a big chunk of all email traffic. 'One in every 22 emails sent across the Internet is currently infected by the Sober-N worm - making this one of the biggest virus outbreaks of the year,' said Graham Cluley, senior technology consultant for Sophos. 'All internet users must secure their systems with up-to-date anti-virus software and ensure that they never open unsolicited email attachments. No-one should be fooled into thinking that email viruses are a thing of the past.'

Finland's F-Secure thought that the worm may cause but a ripple

when it was first spotted. It said that previous variants were very much endemic to Europe, and that with the long May Day weekend, most antivirus companies will have updated their customers with new signatures to stop the new Sober. So when workers returned to their offices on Tuesday, protection should already have been in place.

While it seems likely that this has indeed happened, Sober infections have been escalating despite this. But then timing may also have played its part in its success: the worm posed as a confirmation of a ticket purchase for the 2006 World Cup, and the second phase of tickets went on sale 2 May, just as the virus was being seeded.

So it would seem that the Europeans' passion for the beautiful game has had them opening infected emails on their home computers. Cluley said: 'Many people found the prospect of free tickets to the prestigious sporting event just too hard to resist.'

Indeed, FIFA has itself issued a warning about the worm, advising people that it does not send attachments in its confirmation emails and that the [email protected] and [email protected] addresses should be read as a clue that the email carries a virus.

Clearly, the state of security on consumer PCs is wanting. In spite of the best efforts of businesses that need to secure themselves against virus attacks, epidemics can still happen, and any claims that the age of email worms is ending are sadly premature.

Matt Whipp

This one hit fast. I saw several of them get through here at work. At the time they first showed up, there was next to no info on the web about it, nor virus definitions that would catch it.

We don't normally see truely new virus here that often.

I have had two e-mail alerts from Norton this week and one from my ISP.

ive found 5 of these from some reputable looking addresses this weekend alone. the bad thing about a virus like this is it attacks the hosts email contacts, so if someone you know gets it, they send it to you. the attachment i looked at was named "our secret.zip" norton AV cought it right away, antivirus updates are a good idea this one is spreading fast, as of friday it accounted for 5% of all web traffic