Sober Worm Outbreak Under Control

Concerns over the latest potentially high-profile Internet worm attack seem to have been allayed this week, as security vendors, their partners and customers seem better prepared than usual to deal with the threat.

The Sober.Y worm assault was expected to hit in a big way today or tomorrow. Industry groups believe the worm to have originated in Germany, and Jan. 5 is the anniversary of the founding of the Nazi party. The worm first was released in October 2003 and, variations of it have been launched more than 30 times since then, often on dates that are somehow notable in Germany. The most recent attack came on Nov. 22 to coincide with the inauguration of the country's first female chancellor. The Sober worm activity also is expected to spike on five or six more days between now and March.

The worm itself isn't particularly threatening to computer systems, but instead is an attempt to infiltrate people's PCs and then use them to send out mass quantities of spam posing as e-mail from various crime-related government agencies in the United States, United Kingdom and Germany.

"The recent virus isn't so destructive, but it sets up shop on your computer to create spam zombies and bot-nets," says Andrew Lochart, senior director of marketing for e-mail security vendor Postini.

id
unit-1659132512259
type
Sponsored post

He says Postini charted about 37 million instances of the worm in the past 24 hours, but, unlike past worm attacks, most solution providers and customers are better prepared to shrug off the threat.

"The good news is, people are protecting themselves from it," Lochart says. "Most businesses have understood for a few years that viruses are a top security priority."

Andy Greenwalt, CTO of Perimeter Internetworking, a managed security services provider in Charlotte, N.C., says the previous releases of the virus have made this instance much easier to prepare for, regardless of how widely dispersed the worm ends up being in the next few days.

"We've seen an increase in e-mail volume, but nothing shocking," he says. "We've worked with partners and customers to understand their computing environments, and we've spent a lot of time deconstructing the worm. It's been very effective in mutating and changing, but it's nothing like when we first saw the Nimda worm."