
A Sobering return from the holiday weekend

AV firms are eyeing several new threats, including a Sober variant now responsible for one out of every 14 e-mails on the Net. This comes as many users fire up PCs after a four-day holiday break.

IT administrators will want to be on guard as employees fire up their computers after a four-day holiday break. AV firms have spent the last few days monitoring a significant spike in traffic from multiple variants of Sober, Bagle and Mitglieder.

Sober has gotten the most attention since going on a tear last week. New variants of the worm gained traction by duping people with either fake messages from the FBI and CIA, or a promise to display new photos and videos of "Simple Life" stars Paris Hilton and Nicole Richie. UK-based AV firm Sophos singled out Sober-Z as the biggest offender, noting on its Web site this morning that the worm now accounts for more than 85% of all virus reports it has received.

"Accounting for a staggering one in 14 of all e-mails traveling across the Internet, the Sober-Z worm sends itself as an e-mail attachment and attempts to turn off security software on the user's computer," Sophos said. In addition to the fake messages from the FBI and CIA, infected e-mails look like these:

From: (Harvested address)
Subject: hi, ive a new mail address
Message text: hey its me, my old address dont work at time. i dont know why?! in the last days ive got some mails. i' think thaz your mails but im not sure! plz read and check ... cyaaaaaaa.


From: (Harvested address)
Subject: Paris_Hilton_&_Nicole_Richie
Message text: The Simple Life: View Paris Hilton & Nicole Richie video clips , pictures & more ;) Download is free until Jan, 2006! Please use our Download manager.
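The two lure messages above are what a mail gateway actually sees, so the following is an added example (not code from the article or from any AV vendor) of how an administrator might triage incoming mail against them: it parses a raw RFC 822 message, matches the quoted subjects and body phrases, and flags executable-type attachments. The subject strings and phrases are lifted from the text above; the attachment extension list, the rule that both a lure and a risky attachment must be present before quarantining, and the two sample messages are assumptions constructed for the example.

```python
import email
import re
from email import policy

# Subjects quoted in the article, normalised to lower case. Assumed to be the
# strings a gateway rule would match; not a vendor signature.
LURE_SUBJECTS = {
    "hi, ive a new mail address",
    "paris_hilton_&_nicole_richie",
}

# Body phrases from the quoted lures plus the FBI/CIA pretext the article mentions.
LURE_BODY_PATTERNS = [
    re.compile(r"my old address dont work", re.I),
    re.compile(r"view paris hilton", re.I),
    re.compile(r"use our download manager", re.I),
    re.compile(r"\b(fbi|cia)\b", re.I),
]

# Attachment types worth flagging. Assumption for this example: .zip is included
# because mass-mailers commonly wrap the executable in an archive.
RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".zip")


def triage(raw: bytes) -> dict:
    """Classify one raw message.

    Returns {'quarantine': bool, 'reasons': [...], 'attachments': [...]}.
    A message is quarantined only when a lure indicator AND a risky attachment
    are both present, so that a legitimate mail mentioning the FBI is not held.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []

    subject = (msg["subject"] or "").strip().lower()
    if subject in LURE_SUBJECTS:
        reasons.append(f"known lure subject: {subject!r}")

    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    for pat in LURE_BODY_PATTERNS:
        if pat.search(body):
            reasons.append(f"lure phrase matched: {pat.pattern!r}")

    attachments = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        attachments.append(name)
        if name.endswith(RISKY_EXTENSIONS):
            reasons.append(f"executable-type attachment: {name!r}")

    has_lure = any(r.startswith(("known lure", "lure phrase")) for r in reasons)
    has_risky = any(r.startswith("executable-type") for r in reasons)
    return {"quarantine": has_lure and has_risky,
            "reasons": reasons,
            "attachments": attachments}


# Constructed sample messages (not real captures): one mimicking the first lure
# with an archive attached, one ordinary internal mail.
SAMPLE_LURE = b"""From: someone@example.invalid
To: user@example.invalid
Subject: hi, ive a new mail address
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

hey its me, my old address dont work at time. plz read and check ... cyaaaaaaa.
--b1
Content-Type: application/octet-stream; name="mail.zip"
Content-Disposition: attachment; filename="mail.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

SAMPLE_BENIGN = b"""From: colleague@example.invalid
To: user@example.invalid
Subject: Q4 report
Content-Type: text/plain; charset="us-ascii"

Attached next week. Thanks.
"""

if __name__ == "__main__":
    for label, sample in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(label, triage(sample))
```

Running the module prints a verdict for each sample; the lure is held because it carries both a matching subject/body phrase and a `.zip` attachment, while the benign mail produces no reasons at all. In a real gateway the phrase list would be short-lived (the article notes Sober rotates its lures), so the stable part of the rule is the attachment check.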

Meanwhile, AV firms Kaspersky Lab of Russia and F-Secure Corp. of Finland have been monitoring new variants of Bagle, which have been spreading as a worm and a Trojan horse. At last count, Kaspersky had intercepted 12 programs created by Bagle's authors: five Trojans, labeled Trojan.Downloader.Win32.Bagle-D through -H, and seven worms, labeled Bagle-EO through -EU.

"All of this activity is with the aim of finding new machines to infect to keep the Bagle botnet running," Kaspersky Lab said on its blog.

Finally, PandaLabs, a unit of Glendale, Calif.-based Panda Software, has reported a surge in traffic from the Mitglieder Trojan.

"The number of infections caused by the Mitglieder-GB Trojan continues to increase, and it now affects computers around the globe," PandaLabs said in an e-mailed alert. "According to data collected by PandaLabs, Belgium, Poland, Colombia and Portugal are the countries most affected by this threat…"

While these AV firms consider the increase in malicious traffic significant, Cupertino, Calif.-based AV giant Symantec Corp. has kept its ThreatCon at Level 1, meaning that "there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating." Under these conditions, Symantec said, "only a routine security posture designed to defeat normal network threats is warranted."
