New Sober variant an efficient worm, but infections already dying down

The latest Sober variant is spreading around the world and has infected millions of computers. The new worm disguises itself as an official email from the FBI, CIA or Bundeskriminalamt (Germany's federal police) and asks people to open an attachment - apparently convincing enough for many users to do so. The attachment scans for email addresses and sends copies to other computers. In addition, the worm disables Microsoft's anti-malware tool.

Trend-Micro, which dubbed the new variant as WORM_SOBER.AG, said that the text of the email warns the reader that they are suspected of surfing illegal websites. The email headers are spoofed and are made to look like they come from the FBI, CIA or Bundeskriminalamt. Readers are instructed to open the attachment and answer questions. The attachment does several things. First, it scans for email addresses and then sends copies of the email to other people. The attachment also disables Microsoft's anti-malware tool. In addition, pop-up windows tell the user that no virus was detected inside the attachment.

Perry isn't surprised that people still open these emails and adds, "There a billion people on the Internet and 400 million of those are new this year. They are newbies." In addition, he says better social engineering techniques and the ease with which email headers can be spoofed cause Internet users, new and old, to continually open these infected emails. According to Perry, the real damage from this worm is that it "cuts deep into our trust of email."

Perry told us that the new worm is nothing special from a technological standpoint. "Other than the replication and disabling of Microsoft's tool, it doesn't really have any payload," says Perry. He adds that hackers tend to go after two targets, Microsoft and the phone companies. "Hackers really hate Microsoft. This tool searches for the Microsoft tool and terminates it. "It's not looking for Trend-Micro, Symantec, Mcafee or any of the others," says Perry.

TOPICS

Humphrey Cheung was a senior editor at Tom's Hardware, covering a range of topics on computing and consumer electronics. You can find more of his work in many major publications, including CNN and FOX, to name a few.