[ISN] Sober reloaded

InfoSec News isn at c4i.org
Sat May 21 01:14:11 EDT 2005


By John Leyden
20th May 2005

Zombie PCs infected with the Sober-P worm are set to reactivate on
Monday, 23 May. Sober-P posed as offers of a free ticket for next
year's World Cup and set up backdoor access on compromised PCs,
claiming thousands of victims since its first appearance earlier this

These infected machines were later used to generate a German hate-mail
spam outbreak this week. The sheer volume of this deluge illustrated
the potential for further mischief.

The German Federal Office for Information Security (BSI) warned on
Friday that the Sober P worm will become "active' again this Monday,
and may launch another Trojan. Email security firm CipherTrust said
that virus authors could reprogram this botnet to send out yet more
spam, propagate secondary infections or launch a denial of service

As CipherTrust notes, just because this might happen doesn't
necessarily mean that it will. It will likely turn out to be a damp
squib, as previous warnings - notably made during the Code Red hype
cycle - turned out to be. Nonetheless the alert illustrates the
pressing need to disinfect machines compromised by Sober-P. ®

Related links

BSI's Sober P warning (in German)

More information about the ISN mailing list