Sophos


24 November 2005

The latest news on the Sober-Z worm outbreak

One in 13 emails are now infected by the Sober worm, but Sophos customers protected

Genotype technology is built into all Sophos products, proactively defending against new threats.

Last updated 29 November 2005 with latest statistics

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centres, are warning computer users that the new Sober-Z worm is spreading at such a rate that it now accounts for over 88% of all viruses reported to Sophos - making it currently the most widespread computer virus in the world.

Accounting for a staggering one in 13 of all emails travelling across the internet, the Sober-Z worm sends itself as an email attachment and attempts to turn off security software on the user's computer.

The worm lures innocent computer users into opening its infected attachments using a variety of tricks that include posing as an FBI or CIA agent with attached questions to be answered, and a phoney offer of Paris Hilton and Nicole Richie video clips from 'The Simple Life'. Instead, in the case of every Sober-Z attachment, the zip file contains a copy of the worm with the filename File-packed_dataInfo.exe. The worm then scans the user's hard drive for other email addresses, in its search for other computers to infect.

Typical email messages sent by the worm can include, but are not limited to, the following:

"The sheer rate at which this worm is spreading proves that the devious tricks used by the worm's creator are working," said Graham Cluley, senior technology consultant at Sophos. "This should be a wake up call to businesses across the globe as to the major level of threat that viruses pose to IT security. It's absolutely imperative that all organisations defend their networks from such attacks with a consolidated solution."

At 00:00 on 6 January 2006, the worm attempts to download further code from the internet. If no code is downloaded the Sober worm is programmed to stop replicating via email.

The author of the Sober worm has now been attacking innocent computer users for more than two years and Sophos is calling for anyone with information about the author to report it to the computer crime authorities.

Sophos customers proactively protected against Sober-Z worm

Sophos's proactive Genotype™ technology was capable of detecting the Sober-Z worm proactively (naming it as W32/Sober-Gen), defending customers' computers without requiring an update. Sophos PureMessage, Sophos's consolidated email gateway solution which defends businesses against both spam and viruses, can also block the spam messages sent by the worm.

Sophos strongly recommends companies thwart virus and spam threats and secure their desktops and servers with automatically updated anti-virus and anti-spam protection.

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
