Worm Accounts for 5 Percent of E-Mail Traffic

By Michael Hall | May 9, 2005
http://www.enterprisenetworkingplanet.com/news/article.php/3503611/Worm-Accounts-for-5-Percent-of-EMail-Traffic.htm

Security company Sophos warns that the W32/Sober-N worm is one of the biggest virus outbreaks of the year.

In the space of a week, Sober-N has continued to grow, representing 84 percent of all viruses the company has tracked at assorted monitoring stations it maintains across the globe.

More startling than its rapid spread is the extent to which it has permeated e-mail traffic:

"1 in every 22 emails sent across the internet is currently infected by the Sober-N worm," said Graham Cluley, senior technology consultant for Sophos, in a statement. By Cluley's math, 4.5 percent of all email could be accounted for by Sober-N. Since Cluley's initial report, updated figures indicate that Sober-N now accounts for over 5 percent of all e-mail traffic, and that it continues to spread.

The worm has a variety of tricks up its sleeve to lure users into opening its payload, an attachment. Sophos reports that it sends itself out in either German or English, depending on what it determines the language of the recipient to be. Sophos didn't specify how the worm makes that determination. The worm also offered the promise of an irresistible deal:

"In particular, this worm appears to have caused problems by posing as an offer of free tickets for the soccer World Cup tournament in Germany next year," said Cluley. "Many people found the prospect of free tickets to the prestigious sporting event just too hard to resist."

Once it succeeds in infecting a given machine, Sober-N collects addresses and mails itself out using a variety of messages. It also disables anti-virus software on infected systems, sometimes presenting users with a message box that reads "No Viruses, Trojans or Spyware found! Status: OK".