Silicon.com reports that the new Sober worm now accounts for 79% of all virus traffic and 1 in every 22 emails.
Apparently its actions include disabling your anti-virus and the Windows firewall. This is a major weakness that was raised about the software firewall built into Windows XP (and automatically enabled post SP2): it allows software running on your computer, including malware, to disable it.
The current thought is that these disabling tactics are meant to set up the newly compromised machines for an oncoming attack - perhaps to create more spam zombie machines. So we might have a new spam surge on its way.
Note that so far the success of this worm appears to be due largely to the spam tactics of mass mailing and social engineering. It uses phrases and techniques to make users think that the message is something they really should open, and that it is safe and has already been scanned and shown to be free of viruses, when that is not necessarily the case.
I have seen a massive reduction in my home accounts in the number of these Sober messages coming in - but a huge increase in the messages we are seeing blocked at work.
Posted by Eric at May 5, 2005 09:02 AM