[ISN] Sober reloaded
InfoSec News
isn at c4i.org
Sat May 21 01:14:11 EDT 2005
http://www.theregister.co.uk/2005/05/20/sober_reloaded/
By John Leyden
20th May 2005
Zombie PCs infected with the Sober-P worm are set to reactivate on
Monday, 23 May. Sober-P posed as offers of a free ticket for next
year's World Cup and set up backdoor access on compromised PCs,
claiming thousands of victims since its first appearance earlier this
month.
These infected machines were later used to generate a German hate-mail
spam outbreak this week. The sheer volume of this deluge illustrated
the potential for further mischief.
The German Federal Office for Information Security (BSI) warned on
Friday that the Sober P worm will become "active' again this Monday,
and may launch another Trojan. Email security firm CipherTrust said
that virus authors could reprogram this botnet to send out yet more
spam, propagate secondary infections or launch a denial of service
attack.
As CipherTrust notes, just because this might happen doesn't
necessarily mean that it will. It will likely turn out to be a damp
squib, as previous warnings - notably made during the Code Red hype
cycle - turned out to be. Nonetheless the alert illustrates the
pressing need to disinfect machines compromised by Sober-P. ®
Related links
BSI's Sober P warning (in German)
http://www.bsi.de/presse/pressinf/200505soberp.htm
More information about the ISN
mailing list