All quiet on the Sober front

The worm attack expected to take place today does not appear to have kicked off, but the threat remains, experts say.

Tom Espiner Special to CNET News
2 min read
The Sober attack predicted for Friday has not yet happened, possibly because of publicity earlier this week about a potential onslaught.

Computers that were compromised by a variant of the Sober worm in November had the potential to download malicious code from certain Web sites and then launch a new wave of viruses on Jan. 6.

F-Secure confirmed on Friday that it has not seen any evidence of an attack.

"It's great! This is good news," Mikko Hypponen, chief research officer at the Finnish security company, said Friday. "We've been monitoring the locations of the files that infected machines are now trying to download. So far none of them have activated."

MessageLabs also confirmed that it had seen no successful attack.

"We've not seen anything. This is what we envisioned would happen. Everyone knew about (it), and took steps to mitigate the effects. The virus writer is probably running scared. It's great--everybody in the antivirus community helped each other out," said Mark Toshack, manager of antivirus operations at the hosted e-mail and Web security specialist. Toshack suggested it would be good for the security industry to approach other malicious software threats in the same way.

F-Secure warned that now was not the time to be complacent, as the hacker could still try to activate the download routine.

"The Sober guy laid low, but he might publish a little later. We've seen secondary download routines with other variants uploaded by the writer when he's ready, so perhaps he's still writing it," he said. "It doesn't necessarily mean he won't activate the threat in the future."

Tom Espiner of ZDNet UK reported from London.