Give me an N…no wait, make that an M

This morning F-Secure posts a notice on a new variation of the Sober worm, and they call it Sober-N. Then, late this evening Sophos says there is a new worm out there, and they call it Sober-M.

Now both descriptions sound alike, and the timing is a little uncanny. Either someone miscounted when labeling the next derivation of the nasty email bug, or these things are getting changed awfully fast. Either way, it could cause problems.

If someone screwed up, and someone else doesn’t get the story straight, some anti-virus firm is going to get their .DAT files screwed up, and an innocent subscriber is going to get burned. For those not in the know, a .DAT file is a library of virus definitions on a computer system that tells the anti-virus software what to look for when scanning for viruses. If you don’t frequently update those DATs, you are going to get burned.

Now if these Sober worms are getting changed so quickly now that more than one new one is popping up a day, everyone (using Windows) is in trouble. That phenomena would create what is called a “zero-day scenario,” where a virus is able to spread far and wide the first day out, before anti-virus firms can get a hold of the code and develop a definition for it. In such a case, you get burned.

The best bet right now is to not open up any file attachments that are .ZIP files, if you aren’t expecting one. Even if it comes from a friend, don’t open it, period.

If you are really paranoid (like I am), go buy a PowerBook (like I did), then you’ll have little to worry about.