
Sober Worm Plans 5 January Attack


Jeff


Security outfit iDefense is reporting that the next Sober worm attack will take place on 5 January - the 87th anniversary of the founding of the Nazi party.

 

The information has been gleaned from breaking encrypted code in the latest version of Sober which dominated the November anti-virus ratings. According to iDefense, "the November 22 variant is designed to download an unknown payload of code on January 5, 2006".


As we reported last month, Sober accounted for "one in every 13 emails sent and 42.9 per cent of all viruses reported to Sophos" in the November threat chart. The last variant was delivered as an email attachment to messages - either in German or English - allegedly emanating from police agencies warning users they are under investigation for visiting illegal websites.

 

Once the attached file is run, the worm "scans the user's hard drive for email addresses, in its search for fresh targets for infestation". It also tries to disable security software on infected Windows PCs.

 

Regarding the apparently political timing of the next expected assault, Joe Payne, vice president, VeriSign iDefense Security Intelligence Services, said: "This discovery emphasizes the ever-present and often underestimated threat of 'hacktivism' - combining malicious code with political causes. Exposing this latest variant required technical and geopolitical analysis that connected the dots to give enterprises and home users plenty of time to shore up their defenses."


So is not opening suspicious emails enough to protect our PCs from this? What do you do, Jeff?

...............Chase (FTH Smooth Talker), Morgan (Cata), Reggie (Gable Caney), Rufus
(Reward RJ). Fosters check in, but they don't check out.
Forever loved -- Cosmo (System Br Mynoel), March 11, 2002 - October 8, 2009.
Miss Cosmo was a lady. And a lady always knows when to leave.


Never open stuff like that, but no, that in itself is not enough. Install a decent virus scanner; there are good free ones available.

 

http://www.avast.com/eng/avast_4_home.html (Free) Avast - What I use

http://www.grisoft.com/doc/289/lng/us/tpl/tpl01 (Free) AVG - also very good

 

Also install a firewall

 

http://smb.sygate.com/products/spf_standard.htm (Free) Sygate


Would you recommend those in addition to the Norton stuff I have, or instead of? I know there was a thread not too long ago where everyone basically agreed Norton was subpar, but I wasn't sure if I should dump it or just augment it with the other.


uninstall it and get your computer back from the Norton grasp.


Well, I guess that right there tells me all I need to know. :lol

 

Thanks!


I use ZoneAlarm for the free firewall and Avast for the e-mail.

I have been told that viruses are passed in attachments, so if you do not open the attachment, then you are safe (and you are running anti-virus software). I rarely open attachments, even joke ones that friends pass. Never open them.

Is it true that viruses are always in the attachment?


I just post the virus warnings I see. When the last big one hit, we got a bundle of email to our helpdesk; that is because many of the GT users were infected and didn't even know it. The virus sent to everyone listed in the person's inbox, our helpdesk included. It became worse after SS started because 360+ people now have the address to the helpdesk, and however many of those infected now send to us.

 

I find it funny when people say "I've never had a problem, or a virus" but the fact of the matter is... you may not know you do, but all the people in your inbox sure know that you have a problem!


Guest Pat2003

Just went to download the firewall and -

 

Important Notice: Effective November 30th, 2005 all Sygate personal firewall products will be discontinued. This does not affect Sygate's Enterprise firewall and endpoint compliance products, which will still be updated and supported.

 

I downloaded the Avast anti-virus software and removed all the Norton stuff, which I think included a firewall. Any other suggestions for a firewall?


Jeff,

My desktop is infected with something right now. My son opened an email and that's where it started. We have the McAfee provided by MSN but I guess that didn't work. McAfee also has a firewall, as does Windows XP. Are these not sufficient, or have I not set them up properly? We run Ad-Aware frequently. I have downloaded the AVG software and Spybot and would like a recommendation for a free firewall. Thanks for letting us pick your brain.

Sandy

 

Edited because I forgot to mention I am working on my laptop not the desktop.

Edited by dobelvr

The Windows built-in firewall is not sufficient, no.

By choosing to open the email, you pretty much bypass the firewall. They are designed to stop forced entry, not so much email viruses, but that is where your virus scanner comes in. Your virus scanner, if updated and designed to scan emails before you open them, should catch things like that. Always be sure you have the latest virus definitions for your virus scanner; most new ones download those definitions automatically and check for them at least daily, if not every few hours.

I don't have a personal recommendation for a firewall. I am behind a hardware firewall, plus also run a software firewall (ZoneAlarm Pro), but even knowing what I am doing, ZoneAlarm is a bear to set up and use, so I don't really recommend it.


best solution is a hardware firewall, a software firewall, and an anti-spyware and anti-virus system that updates itself frequently (some do daily or even more frequent updates). hardware (& ms windows firewall) are good at protecting you from unsolicited intrusion from outside, but not from anything that you have 'invited' in via websites or email, file share systems, dodgy downloads, etc. a layered approach using some or all of these is best, depending on how paranoid you are.

 

Software Firewalls:

 

i'm a bit prejudiced, as i am a moderator for their user based support forum, but agnitum's outpost firewall pro has beaten many of the others, norton, ZA, sygate, etc. in side-by-side tests and the current version three has a number of plugins to assist in anti-spyware, ad & popup blocking and a number of other attack threats.

 

there is a version 1 available as freeware which is quite good, but the paid version is much better now, there may be a free reduced feature version soon.

 

now that sygate has been killed by symantec to keep competition away from their bloated offering, and with many ZA people crossing over, outpost is a viable option for many.

 

there is a free to download 30 day trial version available, so feel free to try it before you buy it & if you don't like it, you're not out anything. make sure if you have used zone alarm before (or any other personal firewall) to completely deinstall it before installing outpost or any other flavour firewall as they cannot co-exist. the windows firewall should also be disabled in the security centre if you install any other firewall.

 

if you accept the default settings of outpost, you can then go on to explore its many other settings that can be used to further tighten up the security. it's not an install & forget solution, you will need a modicum of computer literacy to use it fully, but those of us running the forum are there to help if you get stuck. (and we are greyhound tested and approved by blue & millie)

 

ad-aware, one of the most well known anti-spyware systems has just done a deal to bundle a reduced version (some of the outpost plugins are not available, main firewall functionality is the same tho) with their security systems. have a look at www.agnitum.com and/or at the ad-aware site.

 

as far as whether you should use a free or a paid version of security software, it depends on your budget, how much you can afford to lose if you get zapped and are infected, and how much it will cost to recover any files, letters, and other documents, music, etc. destroyed by the baddies. also how much you have in your accessible bank accounts if they manage to spy out your account details.

 

remember 2 things:

 

you get what you pay for

 

caveat emptor

 

good luck all!

Edited by kronckew

 

Regards,
Wayne Kroncke

CAVE CANEM RADIX LECTI ET SEMPER PARATUS
Vegetarians: My food poops on your food.


will downloading a new firewall cause any conflicts with the windows firewall?

Remembering the games we used to play: Games We Used to Play: A Hop, Skip and Jump Down Memory Lane

 

Oscar (Answer to Chevy): 8/23/02-8/13/07 & Dee (Cee Bar Denise): 12/23/98-8/28/08.

Order your own copy of Oscar's Diaries: Life as a Retired Greyhound


yes, you don't want to run more than one firewall at a time.

Microsoft Firewall is very poor, it should not be relied on. Also, it is only an inbound firewall, not an outbound.

 

Here is something interesting.... most modern firewalls automatically disable the Microsoft firewall when they are installed. Now if those programs can disable it, don't you think a virus can too ;)

 

Other firewalls are not able to be disabled by programs like the Microsoft firewall can.


My McAfee just caught a Sober Worm trojan horse...a bogus e-mail from eBay.


Wow...

 

 

Jeff, my school has a firewall, but when I take my laptop home (it belongs to the school, but I use it at school and at home), I'd like firewall protection. What would you recommend? I read where you said to not run more than one at a time, but obviously I need some kind of protection when using the laptop at home.

Mom to Daisy (1999-2012), LB (aka Little Bit), and Sammy James (aka Sammy or Buddy)
