Sunday, January 08, 2006

All Quiet on the Sober Front

"The Sober attack predicted for last Friday has not happened, possibly because of the publicity surrounding the potential outbreak."

For those who missed it, the code was cracked in advance of a Sober virus attack. This little 'sleeper virus' would infect a computer earlier on and wait for the clock to tick down to zero hour. It was designed to reach out to a number of websites and download "a more sophisticated version of itself (or it transforms the infected PC into a conduit for spam, pornography, or a host of other malicious uses)." (link to cnet article)

Because of the code being cracked the addresses to be contacted were carefully watched and the virus writer didn't show up.

A couple of quotes from ZDnet Australia:

"It's great! This is good news," Mikko Hypponen, director of antivirus research at F-Secure, said.

"We've been monitoring the locations of the files that infected machines are now trying to download. So far none of them have activated," said Hypponen.


"We've not seen anything. This is what we envisioned would happen. Everyone knew about [the imminent attack], and took steps to mitigate the effects. The virus writer is probably running scared. It's great -- everybody in the antivirus community helped each other out. It would be good to do this with more malware," said Mark Toshack, manager of antivirus operations at MessageLabs.


But F-Secure warned that now was not the time to be complacent, as the hacker could still try to activate the download routine.

"The Sober guy laid low, but he might publish a little later. We've seen secondary download routines with other variants uploaded by the writer when he's ready -- so perhaps he's still writing it. It doesn't necessarily mean he won't activate the threat in the future."

prying1 sez: Be careful out there. There are 'not nice' people in this world.