Sober reloaded
Print storyGerman government alert over Monday botnet update
Posted in Anti-Virus, 20th May 2005 15:52 GMT
Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server
Zombie PCs infected with the Sober-P worm are set to reactivate on Monday, 23 May. Sober-P posed as offers of a free ticket for next year's World Cup and set up backdoor access on compromised PCs, claiming thousands of victims since its first appearance earlier this month.
These infected machines were later used to generate a German hate-mail spam outbreak this week. The sheer volume of this deluge illustrated the potential for further mischief.
The German Federal Office for Information Security (BSI) warned on Friday that the Sober P worm will become "active' again this Monday, and may launch another Trojan. Email security firm CipherTrust said that virus authors could reprogram this botnet to send out yet more spam, propagate secondary infections or launch a denial of service attack.
As CipherTrust notes, just because this might happen doesn't necessarily mean that it will. It will likely turn out to be a damp squib, as previous warnings - notably made during the Code Red hype cycle - turned out to be. Nonetheless the alert illustrates the pressing need to disinfect machines compromised by Sober-P. ®
Related links
BSI's Sober P warning (in German)
Related stories
World Cup worm gives Windows users the willies (Sober-P)
Sober infected PCs spew right-wing 'hate spam'
FBI blows Code Red all-clear
Free whitepaper – Certify your software integrity with Thawte code signing certificates
Hosted security IT manager's guide
Jump start your Application Security initiatives
Securing your Apache web server with a Thawte digital certificate
Vulnerability management buyer's checklist
Email continuity
Google cloud told to encrypt itself
Buggy 'smart meters' open door to power-grid botnet
Chinese firm hits back at cyberspy claims
BlockMaster SafeStick hardware-encrypted USB drive