Sober Worm Spreads
The W32.Sober worm continues to spread after its initial release in Germany. The worm propagates using its own SMTP engine and may claim to be a fix from Microsoft or antivirus vendors.
This summer's crop of mass-mailing DCOM- and RPC-exploiting worms has made "get the patch" a mantra for most savvy users. However, the latest worm throws that reliable action into a gray area, especially for novice users. That's because the latest batch of worms is posing as e-mailed fixes from Microsoft. W32/Dumaru (several variants) and W32/Swen.A are multi-level, or blended, threats that hit your e-mail box demanding that you "Install this patch immediately", among other subject lines. If your antivirus software is a little out of date and doesn't catch these recent threats, you could be in trouble, since these worms will disable most AV processes. The latest up-and-coming threat is W32.Sober, which appears to have originated in Germany and is quickly spreading through Europe and the US.
While businesses and consumers deal with the latest virus scourge, several sources reported last week that the US State Department, of all places, got hit on Sept. 24th. An unclassified section of the State Department's intranet system was shut down for around nine hours by the W32/Welchia worm. W32/Welchia, first reported in August, is an almost altruistic worm: it disables and deletes MSBlast.exe from a machine previously infected by W32/Blaster.worm, then installs itself. It then attempts to download and update the system with Microsoft's DCOM/RPC vulnerability patch, preventing re-infection by Blaster.