
Sober.P worm updates to Sober.Q

Zygo   on 15 May 2005 - 08:59 · 8 comments & 935 views

Anti-virus firm Kaspersky has just discovered a new Sober worm variant: Sober.Q, which is downloaded by computers that are infected with the Sober.P worm. A few hours ago we reported Sober.P suddenly stopped spreading on Tuesday because the virus creator altered the code of the worm.

View: Sober Worm Makes the Rounds (3 May 2005 - Neowin)
News source: DV Hardware


Windows OneCare is being designed to address core safety concerns such as worms, viruses and spyware, but also to span broader PC health issues: helping protect electronic assets such as digital photos, music, financial data and software; and guarding against performance degradation and system clutter that can result from heavy use. Key capabilities and features of Windows OneCare will include the following:
• Defense against evolving threats. Windows OneCare will provide automatically updated anti-virus, anti-spyware and two-way firewall protection.
• Performance and reliability tools. PC owners will be able to choose to have Windows OneCare automatically carry out periodic maintenance tasks such as disk cleanup, hard-drive defragmentation and file repair. The service also will offer boot-time information and proactive support tools to help improve the customer experience.
• Backup and restore capabilities. Windows OneCare will enable automated backup of files by category on CD and DVD, along with the option to back up all files on the system or only those that have changed since the last time the action was performed. If files are accidentally deleted or corrupted on the PC hard drive, the service is designed to restore saved versions or map them on a new PC.
• Simple, integrated service experience. PC users will have one simple point of reference for checking the overall health of their system. Windows OneCare will automatically notify users of available updates or other recommended actions and enable users to easily act as needed. Otherwise, the service stays quiet and in the background.

Comments · There are 8 additional comments
#1 Hamsan on 15 May 2005 - 09:48
WOW, so other antivirus companies also detected it or not?
(1 reply) #2 IGx89 on 15 May 2005 - 12:36
That explains why I suddenly went from getting ~200+ junk e-mails per day (almost all Sober.P) back to my normal 10-20 per day a few days ago...
#2.1 shafi on 15 May 2005 - 18:58
What email provider?
#3 guanako on 15 May 2005 - 16:19
So what did the virus actually do?
(2 replies) #4 phiberoptik on 15 May 2005 - 19:02
"A few hours ago we reported Sober.P suddenly stopped spreading on Tuesday because the virus creator altered the code of the worm."

Umm, so you're telling me... that the virus creator actually used PCAnywhere, Remote Desktop, or Terminal Service, etc. to get into every infected computer, and disable the old variant, and upload the new one? I am being a bit sarcastic, but does anyone else find that above statement a bit ignorant...
#4.1 roadwarrior on 15 May 2005 - 21:32
That's not as unbelievable as it sounds. Some worms like this regularly check-in with a central location to see if they have been given any new instructions. There's no reason the author couldn't program them to accept changes to their code this way, similar to Windows Update.
#4.2 voidpharoh on 15 May 2005 - 23:10
I agree with roadwarrior, it's fairly plausible for a worm of this type to 'phone home' to a list of servers to check to see if there is an update available.

@phiberoptik, I personally don't see anything ignorant about the quoted statement from the article, but.... I do find that your statement sounds a tad bit ignorant.
#5 gnubugu on 15 May 2005 - 22:17
QUOTE
So you're telling me... that the virus creator actually used PCAnywhere, Remote Desktop, or Terminal Service, etc. to get into every infected computer, and disable the old variant, and upload the new one? I am being a bit sarcastic, but does anyone else find that above statement a bit ignorant


Well, yes, I guess your statement does sound a bit ignorant...
