22 November 2005
Sober-Z worm poses as bogus messages from FBI or CIA
Sophos protects customers proactively against new Sober-Z worm
Genotype technology is built into all Sophos products, proactively defending against new threats.
Last updated 29 November, 11:00 GMT with latest statistics
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned internet users of an in-the-wild worm which is pretending to be an email from an FBI or CIA investigator.
In the last 24 hours, the worm has accounted for over 88% of all viruses reported to Sophos, making it currently the most prevalent virus spreading across the world. It has accounted for a staggering 1 in 13 of all emails travelling across the internet. The FBI is so concerned about the messages that it has issued a warning on its website.
The W32/Sober-Z worm arrives as an email attachment, and can use a variety of different messages, including the following:
Dear Sir/Madam,
We have logged your IP-address on more than 30 illegal Websites.
Important: Please answer our questions! The list of questions are attached.
Yours faithfully,
Steven Allison
Federal Bureau of Investigation-FBI-
935 Pennsylvania Avenue, NW , Room 3220
Washington , DC 20535
Phone: (202) 324-30000
Sometimes the emails claim to come from the same investigator, but at the CIA. Other versions pretend to be video clips from the Nicole Richie and Paris Hilton TV show "The Simple Life", or relate to the German version of the quiz show "Who wants to be a Millionaire".
If the attached file is run, the worm scans the user's hard drive for other email addresses, in its search for other computers to infect.
"This variant of the Sober worm may catch out the unwary as they open their email inbox this morning," said Graham Cluley, senior technology consultant at Sophos. "Every law-abiding citizen wants to help the police with their enquiries, and some will panic that they might be being falsely accused of visiting illegal websites and want to click on the unsolicited email attachment. All users should be reminded to follow safe computing guidelines, and PCs should be kept automatically updated with the latest anti-virus protection."
In a statement, the FBI has urged users who receive the viral emails to report them to the Internet Crime Complaint Center at www.ic3.gov.
"Anyone who may have information about the Sober worm's author should report it to the computer crime authorities," continued Cluley. "This malware writer has been maliciously attacking innocent computer users for over two years, and must be stopped."
Sophos customers proactively protected against Sober-Z worm
Sophos's Genotype™ technology was capable of detecting the Sober-Z worm proactively (naming it as W32/Sober-Gen), defending customers' computers without requiring an update. Sophos PureMessage, Sophos's consolidated email gateway solution which defends businesses against both spam and viruses, can also block the spam messages sent by the worm.
Sophos recommends companies protect their email with a consolidated solution to thwart the virus and spam threats and secure their desktops and servers with automatically updated anti-virus protection.
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com

