The recent surge of the new Sober virus variant has been identified as the largest email-based malware attack of 2005.
Mikko Hyppönen, a senior research scientist at F-Secure, believes this is the largest email virus attack observed so far this year. The number of emails carrying the Sober virus has reached an astonishing level.
According to statistics from MX Logic, for every eight emails sent, one carries the Sober virus.
The latest variants of the Sober virus—known as Sober.x, Sober.y, and Sober.z depending on the naming conventions of different security firms—began spreading online last Monday and saw a significant increase in activity the following day. Analysts suggest that the ‘success’ of this new variant can be attributed to the skills of the virus programmer.
This time, the new Sober variant disguises itself within spoofed emails supposedly from the FBI, CIA, and various international police agencies, tricking users into opening attached files. Others have been disguised as videos featuring Paris Hilton or Nicole Richie.
Like previous Sober variants, this one spreads using its own SMTP engine (SMTP is the standard protocol for sending email), which lets the virus send copies of itself over port 25 to the email addresses stored on the infected computer.
As a result, security firms are advising ISPs to block port 25 to prevent the spread of this new Sober virus variant.
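For network operators, the same behaviour gives a simple detection signal: an ordinary workstation has no reason to open port 25 connections straight to outside mail servers. The following is an added example, not part of the original report. The log format, the internal address range and the relay address are assumptions made for illustration, and the flow records are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not real traffic): "src dst dport action"
SAMPLE_FLOWS = """\
10.0.0.5 203.0.113.10 25 ALLOW
10.0.0.5 198.51.100.7 25 ALLOW
10.0.0.21 203.0.113.10 25 ALLOW
10.0.0.21 198.51.100.7 25 ALLOW
10.0.0.21 192.0.2.44 25 ALLOW
10.0.0.21 192.0.2.80 443 ALLOW
10.0.0.34 10.0.0.5 25 ALLOW
10.0.0.34 203.0.113.99 25 DENY
malformed line
"""

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed internal range
MAIL_RELAYS = {ipaddress.ip_address("10.0.0.5")}    # assumed sanctioned relay


def direct_smtp_senders(flow_text, min_destinations=1):
    """Return {src: sorted external dsts} for internal hosts, other than the
    sanctioned relays, that tried TCP/25 straight to external addresses.
    The action field is ignored on purpose: a blocked attempt is still a
    sign that the host is running its own SMTP engine."""
    seen = defaultdict(set)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
            dport = int(fields[2])
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        if dport != 25 or src in MAIL_RELAYS:
            continue  # not SMTP, or mail legitimately leaving via the relay
        if src in INTERNAL_NET and dst not in INTERNAL_NET:
            seen[str(src)].add(str(dst))
    return {s: sorted(d) for s, d in seen.items() if len(d) >= min_destinations}


if __name__ == "__main__":
    for host, dests in direct_smtp_senders(SAMPLE_FLOWS).items():
        print(f"{host}: {len(dests)} external SMTP destinations -> {dests}")
```

Raising `min_destinations` reduces noise from a single misconfigured client, while a mass mailer working through a harvested address list will contact many distinct mail servers in a short time.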
Sophos categorizes the Sober virus as posing the highest level of danger, while Symantec and McAfee rate this variant as having a medium level of risk.
HVD