Tech Shout!

Security company F-Secure, has been tracking the latest variant of the Sober worm and is now giving out a Radar Level 1 Alert on it. Level 1 is the highest alert level on F-Secure’s 3-step alerting system.

Internet operators have found several millions of infected emails over the last hours. F-Secure feels that one of the factors responsible for the successful spreading of the email worm is that some of the messages it sends are fake warnings from FBI, CIA or from the German Bundeskriminalamt (BKA).

Examples of such messages include:

Dear Sir/Madam,
We have logged your IP-address on more than 30 illegal Websites.
Please answer our questions!
The list of questions are attached.
Yours faithfully,
Steven Allison
*** Federal Bureau of Investigation -FBI-

Such emails appear with an attachment, which will infect the computer once opened.

Sober was first found in October 2003 and 25 variants have been found since. F-Secure says that all 25 variants of this virus have been written by the same individual, operating from somewhere in Germany. Unlike most of the other widespread viruses nowadays, Sober doesn’t seem to have a clear financial motive behind it.

Some Sober variants have displayed neo-nazi messages, however the latest version of the virus does not do this. However, all Sober variants send German messages to German email addresses and English messages to other addresses.

Mikko Hypponen, chief research officer, F-Secure Corporation, said, “The numbers we’re now seeing with Sober.Y are just huge. This is the largest email worm outbreak of the year - so far!”

MessageLabs, provider of managed email security services, maintains that it has intercepted over 2.7-million copies of a new Sober virus.