The more viruses change, the more they stay the same

Sophos has, right on cue, reported the latest and greatest in viruses and hoaxes for February past.

Nyxem-D was first detected on 18 January and is still gathering momentum, accounting for 9.3% of this month’s reported malware. The email worm uses a variety of pornographic disguises in an attempt to spread and disable security software.

However, this headline-grabbing worm has failed to topple old-timer Netsky-P, which has climbed back to the number one spot after three months in the shadow of Sober-Z, which was programmed to stop spreading on 6 January 2006. Netsky-P was first detected in March 2004, and has relentlessly blighted unprotected users ever since.

Nyxem, Sober, Netsky. The everyday user doesn’t really care which worm is winning the internal battle, but rather that they are losing the external one.

Deserving of infection

If you don’t protect your computer from potential infection, you are complicit in the result. That doesn’t mean you deserve it though. If you are a child pr0n scoundrel, you deserve anything bad that can be dished at you, even if it is the Sober worm that gets you busted.

Sober undergoing overhaul

So the Sober virus has been cracked, and the details of its upcoming exploits have been published for the world to see. Wouldn’t it have been better to keep the whole thing under wraps, in hopes of catching the perp as they went about setting up those sites that Sober will be calling into?

If I were a smart hack, I’d be touching up my algorithms about now, and spreading a new version that would take another, what, year plus to figure out? If I were a dumb hack, I’d at least have moved on to something else already.

Time to start Sober “alphabet soup” all over again.

Don’t pick on my government!

There are a lot of well-publicized problems with the US Government right now, so naturally people are going to pick on that fact. When the underground starts sending out worms in packages disguised as emails from the FBI and CIA, it becomes personal. They don’t need the distractions, and I am working on a project that is just risky enough for me to think I might be needing some food stamps somewhere down the road. So stop!

PS: at least the damage seems to be happening somewhere other than here.

Sober.guten Q.daten – no translation

A few weeks ago, Sober.P began making its rounds. It started foiling virus scanners, and was quickly in full production mode, sending out free tickets for World Cup soccer. Now the Sober virus has mutated once again, and is being blamed for a new barrage of spam.

Give me an N…no wait, make that an M

This morning F-Secure posts a notice on a new variation of the Sober worm, and they call it Sober-N. Then, late this evening Sophos says there is a new worm out there, and they call it Sober-M.

Now both descriptions sound alike, and the timing is a little uncanny. Either someone miscounted when labeling the next derivation of the nasty email bug, or these things are getting changed awfully fast. Either way, it could cause problems.