Sober deadline passes quietly
The security industry breathed a collective sigh of relief over the weekend as the date which was to trigger computers infected with the Sober virus to download more malicious code apparently passed without incident.
Finnish security company F-Secure said that the online resources the machines were poised to tap had not been primed with any malicious code so that when the infected PCs logged on, there was nothing there to download.
Furthermore, the company says that the worm was also programmed to stop spreading on 6 January and, as a result, the virus that had been by far the most prolific over the past two months has simply dropped off the radar.
However, that doesn’t mean the Sober threat has been put to bed. The company says there remain ‘at least tens of thousands of infected machines out there’. And according to Microsoft’s security team, ‘beginning approximately every two weeks thereafter [6 Jan], the worm is set to begin downloading and running malicious files from additional sites on the same Web domains.’
F-Secure is urging ISPs to monitor subscribers making large numbers of page requests to the domains hositng the malicious material and to then contact the subscriber and advise them that they are likely to be infected with the Sober virus and should clean it off.