Sober.Q worm detected - will a new major outbreak follow?

Posted on Saturday, May 14 2005 @ 21:52 CEST by Thomas De Maesschalck
Anti-virus firm Kaspersky has just discovered a new Sober worm variant. The Sober.Q worm which is download by computers that are infected with the Sober.P worm. A few hours ago we reported Sober.P suddenly stopped spreading on Tuesday because the virus creator altered the code of the worm.

This is possible because Sober.P has built-in functionality to connect to websites to download and update its code. This is dangerous because it opens a wide range of possibilities for the virus author, like launching a major spam campaign or a DDoS attack.

The new Sober.Q worm hasn't begun spreading yet, possibly because the author wants to wait until enough computers have been infected by the Sober.Q variant.

Sober.Q includes a German message in which the author refers to some online articles which called him a spammer. He says he is not a spammer, but might turn into one.

Last Monday Sober.P accounted for 40 percent of all virus activity on the internet according to F-Secure, but rival Sophos reports that Sober.P was responsible for 84 percent of all virus traffic on Monday.

Update: Sober.Q became active on Sunday morning.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments