Gillian Shaw
Sun
Armies of zombie computers are being mobilized to launch a global attack on computers in the latest virus outbreak that purports to send pornographic photo and video clips of Paris Hilton, or threatens users with FBI and CIA sanctions.
The virus, a variant of the earlier “Sober” computer virus, was initially assessed as a low risk to computer users, but security specialists upgraded the risk Wednesday as virus-loaded e-mails flooded computer in boxes around the globe in what some analysts are terming the worst outbreak of the year.
“This is tremendously widespread at the moment; it is spamming itself out on a wide scale,” said Graham Cluley, senior technology consultant with the network security firm Sophos. “In terms of prevalence, this is by far the biggest e-mail virus we have seen in months.
“The reason it is so ferocious is because computers which were earlier infected by other versions of the virus have been automatically updated and told to spread the virus even further. It has an extraordinary launch pad.”
MessageLabs, a company that filters e-mails, reported it had intercepted more than 2.7 million copies of the worm, and Sophos said the new variant of the Sober virus was accounting for one in 74 of all e-mails sent around the globe. The virus has been given various names by security companies, including “Sober.Y,” “Sober!M681” and others.
The threats escalated as tens of thousands of hijacked computers, unbeknownst to their owners, were enlisted to send out millions of virus-infected e-mails.
F-Secure Security Labs escalated “Sober.Y” to its highest alert late on Tuesday.
“The numbers we’re now seeing with ‘Sober.Y’ are just huge,” lab staff reported in their weblog. “This is the largest e-mail worm outbreak of the year — so far!”
Alfred Huger, senior director of development for Symantec security response, said Wednesday he doesn’t expect to see the virus spreading more than it already has, but he added that the outbreak was severe.
“I would say this is probably the largest mass mailing worm that we’ve seen this year,” he said.
Huger estimated there are some tens of thousands of computers that are controlled in the bot network, a number that is constantly changing.
“This particular virus has been fairly sophisticated throughout its tenure,” he said of the numerous variants of the “Sober” virus. “It has been used for everything from sending right-wing German nationalist spam to sending regular spam, to downloading trojan [programs] to steal financial data.”
The U.S. Computer Emergency Readiness Team issued an alert Tuesday about the “Sober” variant, including an FBI release warning computer users not to fall for a bogus e-mail that purports to come from the FBI and in one version advises the reader:
“Dear Sir/Madam, we have logged your IP-address on more than 30 illegal websites. Important: Please answer our questions! The list of questions are attached. Yours faithfully, Steven Allison Federal Bureau of Investigation – FBI- 935 Pennsylvania Avenue, NW, Room 3220 Washington, DC 20535, phone: (202) 324-3000.”
Other versions of the virus promise pornographic photos and video clips of Paris Hilton. Unsuspecting computers users open an attachment to the e-mail and then unzip the file to install the virus on their computers. Once installed, it runs undetected, propagating itself by mailing out to any e-mail addresses found on the computer’s hard drive.
The virus itself doesn’t cause systems to collapse, but rather transforms the machines into bots — the so-called robots that are then used as a giant sleeping network that can be turned on and off by the virus writers.
“This shows how well zombie bot networks can be used,” said Cluley. “First of all, it shows how quickly you can be infected by a bot and there is nothing to see.
“Your computer carries on as normal, but in the background it is sending out spam.”
The “Sober” virus and its variants are believed to be the work of a virus writer based in Germany.
© The Vancouver Sun 2005
