[ISN] Sober reloaded

From: InfoSec News (isn@private)
Date: Fri May 20 2005 - 22:14:11 PDT


http://www.theregister.co.uk/2005/05/20/sober_reloaded/

By John Leyden
20th May 2005

Zombie PCs infected with the Sober-P worm are set to reactivate on
Monday, 23 May. Sober-P posed as offers of a free ticket for next
year's World Cup and set up backdoor access on compromised PCs,
claiming thousands of victims since its first appearance earlier this
month.

These infected machines were later used to generate a German hate-mail
spam outbreak this week. The sheer volume of this deluge illustrated
the potential for further mischief.

The German Federal Office for Information Security (BSI) warned on
Friday that the Sober P worm will become "active' again this Monday,
and may launch another Trojan. Email security firm CipherTrust said
that virus authors could reprogram this botnet to send out yet more
spam, propagate secondary infections or launch a denial of service
attack.

As CipherTrust notes, just because this might happen doesn't
necessarily mean that it will. It will likely turn out to be a damp
squib, as previous warnings - notably made during the Code Red hype
cycle - turned out to be. Nonetheless the alert illustrates the
pressing need to disinfect machines compromised by Sober-P. ®

Related links

BSI's Sober P warning (in German)
http://www.bsi.de/presse/pressinf/200505soberp.htm



_________________________________________
InfoSec News v2.0 - Coming Soon!
http://www.infosecnews.org



This archive was generated by hypermail 2.1.3 : Sat May 21 2005 - 11:59:07 PDT