Home » Articles » Anitivirus Software

Sober.P turns to spam

From Mary Landesman,

May 18 2005

Can your antivirus handle it?

The Sober.P worm has morphed into a spam Trojan, sending politically-charged messages from infected systems. The Sober.P worm had stopped its worm spread at midnight (GMT) on May 9th and entered its 'second stage' during which it apparently downloaded the Trojan responsible for generating the political spam. The spam is sent only from systems infected with Sober.P and the sent spam does not harbor malware. The majority of the spam sent is in German.

Unfortunately, many who are infected with Sober.P may be unaware of the infection - even if using updated antivirus software. Sober.P blocks access to its files, preventing many antivirus products from detecting the threat. Or, the antivirus may detect and clean one or two infected files, but leave the bulk of the infection intact.

In order to detect and remove Sober.P reliably, update your antivirus software, boot into Safe Mode, and then run a complete system scan.

A growing trend

Email worms used for the ultimate purpose of spam may be a growing trend. PandaLabs, the research arm of Panda Software, have reported a 278% increase in malware detected in recent months compared to the third quarter of 2004.

According to Luis Corrons, director of PandaLabs: “Until now, daily updates were considered sufficient for keeping a computer protected from new viruses, and it is exactly this belief that the creators of malicious code are now looking to exploit."

Corrons explains that virus writers rapidly unleash new variants in the hopes of capitalizing on the so-called 'window of vulnerability' - the time between when the new virus is discovered and the time signature updates are released to counter it.