Zombies Boost New Sober Variant

Anti-virus and e-mail security companies warned Internet users Tuesday about a new variant of the Sober worm that was flooding e-mail servers around the world, with help from zombie machines infected by earlier editions of the same worm.

Sober.AG is the latest in a long line of mass e-mail worms.

It appeared Monday, after machines infected with older variants began spamming out the new version in a massive e-mail flood.

The e-mail messages use a variety of subterfuges to trick recipients into opening the virus attachment, including messages that pretend to come from the FBI and CIA, security firms said Tuesday.

E-mail security vendor MessageLabs of New York City said it blocked more than 2.7 million e-mail messages with the new Sober variant since around 7 p.m. GMT on Monday in what it called a “major offensive.”

Symantec Corp. rated the worm, which it dubbed “Sober.X,” a “Level 3” threat on a scale of one to five.

The company has received more than 1,600 samples of the worm from corporations and 300 from consumers, Symantec said in an e-mail statement.

/zimages/4/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

Sober worms are nothing new, but the latest variant is much more widely distributed than other recent versions because it is being sent out, simultaneously, from countless other Sober-infected machines, or “bots,” said Symantec.

The new worm also uses a variety of enticing messages, in both German and English, to trick users.

Messages that appear to come from the FBI or CIA tell users that their IP address has been logged on “more than 30 illegal Websites,” and asks them to open an attached file containing a “list of questions.”

Opening the file launches the Sober worm and infects the computer, anti-virus vendors said.

/zimages/4/28571.gifClick here to read more insight about the Sober worm from columnist Larry Seltzer.

Other e-mail campaigns containing the Sober.AG worm promise recipients a glimpse of videos of jet-setters Paris Hilton and Nicole Richie if they open the file, according to an e-mail alert from Computer Associates International Inc.

The FBI issued a statement Tuesday warning the public to avoid falling for the scam.

Anti-virus vendors advised customers to update their anti-virus signatures and to be wary of scam e-mail messages. ´

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.