Anti-virus firm Kaspersky has just discovered a new Sober worm variant. The Sober.Q worm which is download by computers that are infected with the Sober.P worm. A few hours ago we reported Sober.P suddenly stopped spreading on Tuesday because the virus creator altered the code of the worm.
This is possible because Sober.P has built-in functionality to connect to websites to download and update its code. This is dangerous because it opens a wide range of possibilities for the virus author, like launching a major spam campaign or a DDoS attack.
The new Sober.Q worm hasn't begun spreading yet, possibly because the author wants to wait until enough computers have been infected by the Sober.Q variant.
Sober.Q includes a German message in which the author refers to some online articles which called him a spammer. He says he is not a spammer, but might turn into one.
Last Monday Sober.P accounted for 40 percent of all virus activity on the internet according to F-Secure, but rival Sophos reports that Sober.P was responsible for 84 percent of all virus traffic on Monday.
Update: Sober.Q became active on Sunday morning.
Sober.Q worm detected - will a new major outbreak follow?
Posted on Saturday, May 14 2005 @ 21:52 CEST by Thomas De Maesschalck