Sober reloaded

German government alert over Monday botnet update

Zombie PCs infected with the Sober-P worm are set to reactivate on Monday, 23 May. Sober-P posed as offers of a free ticket for next year's World Cup and set up backdoor access on compromised PCs, claiming thousands of victims since its first appearance earlier this month.

These infected machines were later used to generate a German hate-mail spam outbreak this week. The sheer volume of this deluge illustrated the potential for further mischief.

The German Federal Office for Information Security (BSI) warned on Friday that the Sober P worm will become "active' again this Monday, and may launch another Trojan. Email security firm CipherTrust said that virus authors could reprogram this botnet to send out yet more spam, propagate secondary infections or launch a denial of service attack.

As CipherTrust notes, just because this might happen doesn't necessarily mean that it will. It will likely turn out to be a damp squib, as previous warnings - notably made during the Code Red hype cycle - turned out to be. Nonetheless the alert illustrates the pressing need to disinfect machines compromised by Sober-P. ®

Related links

BSI's Sober P warning (in German)

Related stories

World Cup worm gives Windows users the willies (Sober-P)
Sober infected PCs spew right-wing 'hate spam'
FBI blows Code Red all-clear

Sponsored: Designing and building an open ITOA architecture