Sober reloaded
German government alert over Monday botnet update
Posted in Malware, 20th May 2005 15:52 GMT
Free whitepaper – Transforming IT culture
Zombie PCs infected with the Sober-P worm are set to reactivate on Monday, 23 May. Sober-P posed as offers of a free ticket for next year's World Cup and set up backdoor access on compromised PCs, claiming thousands of victims since its first appearance earlier this month.
These infected machines were later used to generate a German hate-mail spam outbreak this week. The sheer volume of this deluge illustrated the potential for further mischief.
The German Federal Office for Information Security (BSI) warned on Friday that the Sober P worm will become "active' again this Monday, and may launch another Trojan. Email security firm CipherTrust said that virus authors could reprogram this botnet to send out yet more spam, propagate secondary infections or launch a denial of service attack.
As CipherTrust notes, just because this might happen doesn't necessarily mean that it will. It will likely turn out to be a damp squib, as previous warnings - notably made during the Code Red hype cycle - turned out to be. Nonetheless the alert illustrates the pressing need to disinfect machines compromised by Sober-P. ®
Related links
BSI's Sober P warning (in German)
Related stories
World Cup worm gives Windows users the willies (Sober-P)
Sober infected PCs spew right-wing 'hate spam'
FBI blows Code Red all-clear
The Register Webcast - Desktop Support : The Hub of IT
The Register Guide to managing spam
The Register Green Computing Report
Secure Mobile Working
Risk and Resilience
