Central Command, Inc., an anti-virus and anti-spam company based inMedina, Ohio, stopped 150 percent more infectious emails in theiranti-virus filters than they did in October, which was a record-breakingmonth in its own right. And this past November saw 185 percent more virusoutbreaks than November of 2004, according to Steve Sundermeier, a vicepresident with Central Command.
''It was a bad month,'' says Sundermeier. ''The number of virusesincreased in November but the actual volume of malware was significantlyhigher because of Sober, which we have as accounting for one in 17 emailslast month.''
Actually, the Sober-AI variant was the most prolific worm for all ofNovember, accounting for 64.58 percent of all malware plaguing theInternet, according to analysts at Central Command. The rest of the topfive came in far behind their malicious ranking leader: Mytob-IU came insecond accounting for 2.66 percent of all malware; Mytob-NO was thirdwith 2.49 percent; Mytob-NX was fourth with 2.31 percent, and Netsky-Dwas fifth with 2.20 percent.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i Sophos, Inc., an anti-virus and anti-spyware company with U.S.headquarters in Lynnfield, Mass., has a similar top five list. Sophosanalysts give the malware this ranking: Sober-Z took first place with42.9 percent; Netsky-P was second with 8.1 percent; Mytob-GH was thirdwith 6.8 percent; Mytob-EX was fourth with 4.5 percent, and Zafi-D wasfifth with 4 percent. (Keep in mind that different vendors often assignthe same variants slightly different names.)
''Since we saw the first Sober worm back in October 2003, its author hastried to improve upon tried-and-tested tricks to dupe computer users intolaunching infected attachments,'' says Carole Theriault, senior securityconsultant at Sophos, in a written statement. ''This latest worm claimsto be a warning from CIA and FBI agents, accusing recipients of visitingillegal Websites. Mocking the feds is a sure-fire way of goading theauthorities, and you can't help but wonder whether the author isdesperate to be caught.''
Sundermeier tells eSecurityPlanet that Sober-AI isn't a new andsuper piece of malicious code -- it's simply well-designed.
''It's author didn't reinvent the wheel but it uses a combination ofseveral factors,'' says Sundermeier. ''It reproduces very easily. Lots oftimes we see little coding flaws in the propagation routines and thatdidn't exist with this version. It used its own SMTP engine, and it wasgood at harvesting email addresses from compromised machines... It justworks really well.''
Mytob is crowding top five lists simply because of sheer volume, saysSundermeier. There are hundreds of Mytob variants on the Internet at thispoint and that makes for a lot of infected machines. And that means it'seasier for the new variants to get a foothold and spread quickly aroundthe globe.
And Sundermeier says he's predicting an active December.
Sober-AI continues to dominate, he notes, pulling down big numbers as themonth begins. ''And December has been known in the past to be a bad monthfor virus activity,'' Sundermeier adds. ''At the least, we generally seesomething new. In December of 2004, we had the Zafid worm and that toppedthe charts for a while. In December of 2003, we had another Sober variantreleased and that topped the charts for the month. And lately we havethis trend where every month outdoes the last in terms of total volume.''