Security experts believe that network security administrators should not be overly concerned about the Sober virus outbreak anticipated in early January 2006, but should instead focus on taking preventive measures and removing infected computers from their systems.
According to security firm McAfee, if the Sober attack occurs as predicted, the impact can be significantly mitigated because we are aware of its root causes.
Only systems already infected with a variant of the Sober virus will be able to update themselves and launch an attack with the latest variant on January 5, 2006. If the warning is heeded and the infecting variant is removed from these systems before January 5, 2006, the upcoming attack will likely be ineffective.
McAfee noted that administrators have a substantial amount of time and prior warning to clean their systems. However, the company also cautioned against underestimating the situation and emphasized the need to be prepared for any eventuality.
“The worst-case scenario is that systems fail to eliminate the Sober variants, leading to a severe outbreak and widespread infection.”
Finnish security firm F-Secure also highlighted the importance of this issue. “Look at Sober.Y – the latest variant of Sober as named by F-Secure – which has been spreading rapidly recently. Currently, this virus still accounts for up to 40% of all virus infection reports sent to us. We should remain cautious.”
Conversely, iDefense warned about a potential domino effect, in which systems compromised by hackers are used to send emails containing the Sober variant everywhere. However, once network systems have been scanned and cleaned, filtering out virus-laden emails becomes a relatively simple task and will help limit this new attack.