Nov 23, 2005 (10:11 AM EST)
Newest Sober Variant: Biggest Worm Attack Of The Year

Read the Original Article at InformationWeek

The Sober worm outbreak that began in earnest Tuesday has been dubbed the world's largest mass-mailed malware attack of 2005 by a Finnish security firm.

"The numbers we're seeing [with Sober] are just huge. This is the largest e-mail worm outbreak of the year so far," wrote Mikko Hyppönen, chief research officer of F-Secure, in an online alert.

Meanwhile, Denver-based MX Logic said that Sober was accounting for one in every eight e-mails.

The newest member of the Sober worm clan -- called Sober.x, Sober.y, and Sober.z by various anti-virus vendors -- began spreading Monday and quickly picked up steam Tuesday. Analysts pinned its success on social engineering expertise, technical skill, or a combination of the two.

Many of the messages arrive with fake From: addresses of the FBI, CIA, and overseas police agencies such as Germany's Bundeskriminalamt to trick users into opening the attachment. Others pose as video clips of pseudo-celebrities such as Paris Hilton and Nicole Richie.

Like other Sober variants, this one spreads using its own SMTP engine to send copies of itself to addresses it hijacks from compromised computers. SMTP uses port 25 to transmit e-mail traffic.