Posted: 24th Nov, 2005 By: MarkJ
Most anti-virus firms are reporting that a new form of the Sober virus (worm), which pretends to come from the FBI or CIA, is propagating at lighting speed and looks set to top November's chart.
The virus is rated by most as a medium risk, only infecting a computer and mailing itself on to all the addresses it can find when the recipient opens its .ZIP attachment. Sadly, despite the warnings, many still open the attachment *doh!*:
MessageLabs, the leading provider of managed email security services to businesses worldwide, has intercepted over 2.7-million copies of a new Sober virus, many of which are being spoofed to appear as though they are sent from the FBI or the CIA. The first copy was stopped at 19:00 GMT on 21st November. The size of the attack indicates that this is a major offensive, certainly one of the largest in the last few months.
These emails suggest to recipients that their Internet use has been monitored by the FBI or CIA and that they have accessed illegal Web sites. The email directs users to open the ZIP attachment containing the executable, which once opened delivers the Sober virus payload. It then spreads by searching the infected computer for other email addresses to send copies of itself to, but ignoring any domains for certain security organizations, including MessageLabs.
Over the past couple of days some of our Inboxes have been full of this one, so were not surprised that its spreading fast.
Now if only some Internet users would learn a little common sense and stop opening what has to be one of the most blatantly fake e-mails ever.