Article

Updated: Worm poses as FBI mail, dirty Paris Hilton video

Bill Brenner

A new variant of the prolific Sober worm has gained traction, posing as an FBI message and as pornographic videos of hotel heiress Paris Hilton, several antivirus firms reported.

Most AV vendors have labeled this latest variant Sober-K, though Panda Labs is calling it Sober-M and McAfee is calling it Sober-l@MM. And while its appetite for disruption is nothing compared to last year's Mydoom-A attack, it is spreading rapidly enough to be considered a nuisance, said Alex Shipp, senior AV technologist for New York-based MessageLabs.

"To give you some perspective, we stopped 41,000 copies of Sober-K Monday and 27,000 copies so far [Tuesday]," Shipp said. "With last year's Mydoom-A attack, we stopped 50,000 copies in the first hour."

The FBI issued a

    Requires Free Membership to View

statement warning users not to click on unsolicited e-mails claiming to come from @fbi.gov addresses.

"These e-mails did not come from the FBI," the statement said. "Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited e-mails to the public in this manner."

Finnish security firm F-Secure said Sober-K appears to be the source of these messages, which read:

"Dear Sir/Madam,

We have logged your IP-address on more than 40 illegal Websites.

Important: Please answer our questions! The list of questions are attached.

Yours faithfully,

M. John Stellford

++-++ Federal Bureau of Investigation -FBI-

++-++ 935 Pennsylvania Avenue, NW, Room 2130

++-++ (202) 324-3000

Related news stories

New sober variant in the wild

Some 'Sober' on new worm variant

Sober-A pretends to be virus fix

Sober-K's Paris Hilton messages carry such subject lines as "Paris Hilton, pure!" and "Paris Hilton SexVideos," Lynnfield, Mass.-based Sophos said in an alert. It tries to determine whether its intended victim speaks German or English, then sends a message in either language. As of Tuesday, Sophos said it was the third most commonly encountered worm, amounting to more than 10% of all worms and viruses reported to the firm's global network of monitoring stations in the last 24 hours.

"This latest variant of the Sober worm may catch out the unwary as they open their e-mail inbox," Graham Cluley, Sophos' senior technology consultant, said in a statement. "Although much-publicized virus outbreaks in the past should have made users more nervous of double-clicking on unsolicited e-mail attachments, some still find it hard to resist. All users should be reminded to follow safe computing guidelines, and PCs should be kept automatically updated with the latest anti-virus protection."

Shipp said Sober-K is spreading mostly in Europe, and that it quickly gained traction there Monday morning as people were turning their computers on at the start of the work day. "Historically, Sober tends to spread quite well in Europe, but by the time it travels to other countries most antivirus has been updated to stop it."

One reason folks might fall for opening this one: Hilton, who's image is plastered all over entertainment TV shows and magazines, does have a pornographic home movie circulating. One of the socialite's former lovers videotaped a tryst and then decided to distribute it for a fee.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: