X

Sober worm makes a comeback

Mass-mailing pest is spreading again, harvesting e-mail addresses for spammers, security companies have warned.

2 min read
The Sober.P worm is still spreading fast and made up almost 5 percent of all e-mail traffic on Friday morning, according to a U.K. antivirus company.

Sophos said that the worm accounts for around 77 percent of all virus activity it is seeing. The company said the Sober variant is still spreading, even though large corporations appear to have patched the vulnerabilities that the virus uses to propagate.

"It's lingering around like a nasty smell and spreading in big numbers," said Graham Cluley, senior technology consultant at Sophos. "It's still at the same level in that it's 4.65 percent of all e-mail out there. We can't be sure how many people it's infecting, but we think most big business will be protected."

Sophos reported earlier this week that Sober.P appears to turn off Symantec's antivirus protection and the Microsoft Windows XP firewall, probably as a way of preparing computers to distribute spam and to spread itself wider.

"That's probably why it has become widespread so quickly," Cluley said. "(Virus writers) used spam technology to send it out. Now it's just perpetuating."

Sober.P--which security companies have variously tagged as Sober.N, Sober.O or Sober.S--travels as an attachment in e-mails written in English and German. One of the most widely reported e-mails contains an alluring message stating that the recipient has won free tickets to the 2006 World Cup in Germany, but many other types have also been spotted. Once opened, the virus sends itself to e-mail addresses harvested from the infected machine.

Dan Ilett of ZDNet UK reported from London.