Getting Sober
World combats mass mailing variant
by Karl Bode 11:07AM Thursday May 05 2005
Users in our security forum have spent a good portion of the week dealing with the spread of the latest Sober virus variant, which tricks e-mail recipients into opening a zip file by promising them they have won tickets to the upcoming FIFA World Cup 2006 in Germany. According to antivirus outfit Sophos, the worm, which has appeared in forty countries since Monday, made up four percent of the planet's e-mail (1 in every 22) as of yesterday, and accounts for 79% of all the virus activity the company is seeing.


Tomek
Premium
join:2002-01-30
Valley Stream, NY

Nice

Since everybody loves football in Europe, it will spread faster than Anna Kournikova. But 4%? That's a damn lot.
--
Semper Fidelis

AthlGrond
Premium,MVM
join:2002-04-25
Aurora, CO

1 edit

Re: Nice

said by Tomek:

Since everybody loves football in Europe
Which brings up the obvious question of who in the US would get this virus?

(Aside from the Europeans who just happen to be here of course...)

[Edit]
I guess I should have been more specific:

Who in the US would see "a zip file by promising them they have won tickets to the upcoming FIFA World Cup 2006 in Germany" and think that it's real? (Since almost no one in the US follows World Cup.)

Of course there are those people that will open anything, but of the remaining people... Come on!

[/Edit]
kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH

Re: Nice

Well, it's clear that many users in the US still fall for emails that read "Your password" or "Your mail was rejected" and click on the attachment. Especially when there's also a message in some of them that read "No virus was found".
--
SMTP: Spam and Malware Transfer Protocol. Also used on rare occasion to transmit e-mail messages.

a drunk

@nrockv01.md.comcast.

Re: Nice

I was sober this morning... but now I'm drunk again

a

@qwest.net
only the computer illiterate could even possibly get this virus which is pretty much 75% of the US.

Derch
Premium
join:2004-10-16
Cross Plains, WI
I'm not quite an admin, but I do know that users will open any e-mail that says "free" in the subject line.
shashinka

join:2000-09-16
West Boylston, MA
No viruses around here. The only activity I have seen is from my firewall stating that there was a sober variant attacking or something but no attachments on any work or home e-mail of friends, family or coworkers.

Jim Gurd
Premium
join:2000-07-08
Plymouth, MI

Terminology

Maybe I'm confused but don't worms spread by themselves? If you have to click on a file and open it then that's not a worm but a virus (spread by social engineering).

Am I right about this?
ossito16

join:2004-07-31
Whiting, IN

Re: Terminology

To add on a question, is a zip file basically a trojan horse? Don't you have to click on the file after it has been unzipped?
kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH

1 edit
It depends on how you define terms like "worm," "virus" and "trojan".

If you assume that a worm spreads itself and a virus has to be launched in order to spread, then Sober could be considered a virus.

However, the classic definition of a virus is code that spreads by infecting other code, e.g. executables, documents, or the boot sectors on floppy and hard disks, and is propagated via the sharing of infected files or disks. Worms on the other hand don't infect other executables, instead they proactively spread themselves over a network (which can include mass emailing). So by that definition, Sober is a worm.

A Trojan Horse, by its classic definition, is a program that does something malicious while claiming to be innocent. A classic Trojan would be one that claims to be a cool game or screensaver but it does bad things when you run it. By that definition, pretty much any email worm can be considered a Trojan as well, but by definition Trojans don't spread on their own.
--
SMTP: Spam and Malware Transfer Protocol. Also used on rare occasion to transmit e-mail messages.

woody7
Premium
join:2000-10-13
Torrance, CA

Hmmmmmmmmmm

How many times do you have to tell people not to open an email attachment, let alone one that is zipped......
--
BlooMe
kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH

Re: Hmmmmmmmmmm

You could take a file virus.exe and zip it up as virus.zip, email it as an attachment in a message that says "VIRUS ATTACHED, DO NOT OPEN!" to everyone you know and someone will still open it.
--
SMTP: Spam and Malware Transfer Protocol. Also used on rare occasion to transmit e-mail messages.

Fatal Vector

@aol.com

Re: Hmmmmmmmmmm


They assume the zip file is safe because it is not an executable.

wxboss
This is like Deja vu all over again.
Premium
join:2005-01-30
Fort Lauderdale, FL

1 edit
You'd be surprised. It's like that old adage about leading a horse to water.

Some people, no matter how much you tell them, just can't comprehend.

It reminds me of the old Far Side cartoon where the 'mentally challenged' kid is pushing on a door that's clearly marked 'Pull.'

Rob
In Deo speramus.
Premium
join:2001-08-25
Kendall, FL
kudos:3

Love the Title!

Just love the title!

hurleyp

join:2000-06-20
Ottawa, ON
Reviews:
·Rogers Hi-Speed

Annoying, but not fatal

I've received 4 "sobers" in the last couple of days, all caught by NAV. A couple of them were in PIF attachments - sheesh, pretty easy to catch.

Paul
--
"I reject your reality and substitute my own."

Aint that bad

@209.79.x.x

Job Security

Another day, another virus. At least I know I will always have a job.

boog
Premium
join:2000-07-24
Trenton, OH

Re: Annoying, but not fatal

I have received about 75 of them from my work's email, avg didn't catch it while it was zipped, but as soon as I tried dropping it on the desktop to inspect it further it disappeared. (yes I like to tinker with things, and I pulled my computer off my network to check out the virus)
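
Several posts above turn on the same point: a zip attachment gets trusted because it "is not an executable", and a scanner may miss the copy while it is still zipped. The following is an added example, not part of the thread or any poster's code, showing a mail-filter check that looks inside zip attachments for executable member names such as the PIF files mentioned above. The extension list, function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist of extensions Windows runs on double-click (not from the thread).
RISKY_EXT = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}

def risky_name(name):
    """True if the final extension is executable (catches 'tickets.txt.pif')."""
    lower = name.lower().rstrip(". ")  # Windows ignores trailing dots and spaces
    dot = lower.rfind(".")
    return dot != -1 and lower[dot:] in RISKY_EXT

def scan_message(raw):
    """Return (attachment name, reason) findings for one raw e-mail message."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if risky_name(fname):
            findings.append((fname, "executable attachment"))
        elif zipfile.is_zipfile(io.BytesIO(data)):
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    # Member names are readable without extracting anything.
                    for info in zf.infolist():
                        if risky_name(info.filename):
                            findings.append((fname, "executable in zip: " + info.filename))
            except zipfile.BadZipFile:
                findings.append((fname, "unreadable zip"))
    return findings

def build_sample():
    """Constructed sample: harmless bytes named like an executable, inside a zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("winning_ticket.txt.pif", b"not a real program")
    msg = EmailMessage()
    msg["Subject"] = "constructed test message"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="tickets.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

The check reads only the archive's directory of member names, so it flags the attachment without unpacking or running its contents.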

Hank23

@cox.net

Bill Gates wants this

Stop running windows!

F*cking idiots!