Sober judgement for virus writers

Multi-lingual W32/Sober-A worm causes most problems in November

Written by Robert Jaques

vnunet.com, 02 Dec 2003

The previously unknown W32/Sober-A worm has caused more infections than any other virus in November 2003, according to antivirus firm Sophos' monthly ranking.

The firm said that although Mimail variants made five appearances in this month's chart - totalling over a quarter of all reports - the multi-lingual Sober worm had caused the most problems.

"Sober-A cunningly disguises itself using a multitude of subject titles and messages, making it difficult to spot," said Chris Belthoff, senior security analyst at firm Sophos.

"It can even present itself in German if it thinks it is being examined on a German user's computer."

The Mimail worms attempt a number of different tricks, including trying to steal credit card information from Paypal users.

"Virus writers and hackers are becoming more determined to steal confidential information, which could leave a deep hole in a victim's pocket," warned Belthoff.

The top 10 viruses in November 2003, according to Sophos, were:

1 W32/Sober-A 32.6% (New entry)
2= W32/Mimail-C 9.5%
2= W32/Mimail-F 9.5%
4 W32/Dumaru-A 8.0%
5 W32/Mimail-A 5.1%
6 W32/Gibe-F 4.5%
7 W32/Nachi-A 2.6%
8 W32/Mimail-J 2.4%
9 W32/Klez-H 2.2% (22 months in chart)
10 W32/Mimail-E 1.5%
Others 22.1%

The security company's monthly research also revealed that a revamped version of the Hotmail hoax, promising users extra storage space if they forward an email to their friends, helped keep the hoax at the top of the list.

Belthoff said in a statement: "Creeping into the chart is the 'Do not push 90#' chain letter, which is based on an actual telephone scam from the early 1990s and has caused people to be unnecessarily alarmed.

"If you receive a virus hoax, chain letter or email scam, you should delete it immediately and resist any temptation to forward it on."

The top 10 hoaxes reported to Sophos during November are as follows:

1 Hotmail hoax 31.3%
2 Meninas da Playboy 12.7%
3 Bonsai Kitten 6.2%
4 Budweiser frogs screensaver 4.7%
5 JDBGMGR 4.0%
6 A virtual card for you 3.8%
7 Bill Gates Fortune 3.0%
8 Frog in a blender/Fish in a bowl 2.9%
9 WTC Survivor 2.3%
10 Do not push 90# 1.8%
Others 27.3%

Tags:

Further reading

New worm masquerades as Microsoft update

Sober variant employs latest social engineering technique   More...

Sober.c more toxic than first thought

McAfee upgrades status of bilingual worm   More...

Most virulent worms of November

Sober, Swen and MiMail continue to wreak havoc   More...

Students delete history

Contrary to popular belief, Fred Cohen is not the father of the computer virus. So to whom does this dubious honour belong?   More...

Related articles

Do you agree?

Have your say on this article

Advertisement

Job of the week

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Watch

16 May 2008

2.97 MBXP on OLPC, broken dreams and Yahoo fights back More...

15 May 2008

3.28 MBDark fibre, mobile TV and solar power More...

14 May 2008

2.66 MBOnline inequality, mobile thumbprints and corporate raids More...

Listen to more

Poll

HOME WORKING

HOME WORKING

Do you let any or all of your employees work from home?

Previous poll results

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Spotlight

OLPC

OLPC to ship with Windows XP

Microsoft teams up with One Laptop per Child project   More...

The Sims

The Sims goes flat-pack with Ikea

Virtual world gets Swedish wood   More...

Advertisement

Microsoft-Yahoo

Yahoo board fights back at Icahn

Investor accused of 'significant misunderstanding' in Microsoft saga   More...

MySpace

Woman charged over MySpace suicide

Lori Drew indicted on federal charges   More...

Advertisement