Users login

Create an account »


Users login

Home » Hacking News » Sober worm – suspicious inactivity

Sober worm – suspicious inactivity

by Ivana Strahija on January 8th, 2006 Patching systems and disabling Sober downloadable websites may have put the worm to sleep. Many security experts are relieved, but many also warn that Sober is still a threat.

The Sober variant programmed to be reactivated at midnight on 5. January has failed to spread, but remains a dormant threat, because it can be remotely executed. Moreover, every few days the worm also generates new URL addresses from which it then attempts to download malicious code. All this means that the worm could start spreading again in future.

This Sober version is particularly nasty because it comes with its own SMTP engine to spread itself and the code has been tweaked to send out copies much faster than earlier versions. Even though it seems to be doing little damage to corporate networks at the moment, there is still an enormous amount of e-mail traffic that is being generated by it.

One computer security company has blocked over 53 million e-mails containing the latest Sober variant on behalf of its clients. That number is about ten times higher than the next most prolific worm and represents close to 98 percent of all e-mails blocked by that firm.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »