Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sober.P Worm Accounts for 5% of all Email Traffic

Posted by CmdrTaco on from the thats-a-lotta-bits dept.

destuxor writes "The grave insecurity of the day is the Sober.P worm which is currently pushing nearly 5% of all email traffic at the moment. Unlike previous worms, Sober can disable the Windows Firewall and Symantec Antivirus. Interestingly, patched machines are not vulnerable to the exploits used by this worm. What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?" update percentage corrected.

9 of 451 comments (clear)

  1. Reading the article? by r2q2 · · Score: 5, Informative

    I read that the article refrences that it only comprises 4.65 percent of all email traffic? Where does this article say 25 percent???

    --
    My UID is prime is yours?
    1. Re:Reading the article? by andersa · · Score: 2, Informative

      I have a similar story.

      ClamAV blocked the first one on my server at 00:20 CET on may 3rd. Since then I have recieved exactly 100 Sober.P containing mails. And I only have one publicly known email address on that server.

      It's almost a 20 fold increase in blocked mails.

  2. RTFA, Taco by Draoi · · Score: 5, Informative
    The Sober.P worm is still spreading fast and made up almost 5 percent of all e-mail traffic

    From the first line ... 5%, not 25%. Big difference ....

    --
    Alison

    "It is a miracle that curiosity survives formal education." - Albert Einstein

  3. Updates too big to download by Anonymous Coward · · Score: 1, Informative

    What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"

    Not make the update 100mb+?
    How can anyone download that when the only connection they have to the internet is a modem.

  4. Re:Visiting windows update once in a while by Karzz1 · · Score: 3, Informative

    At my office I have MailScanner configured with Postfix, SpamAssassin, and ClamAV. Every bit of this configuration is free (beer and speech) and works very well. I have the rules set fairly loosely, yet it still manages to catch >80% spam and I have yet to see a virus make it passed. It is a bit of a bear to set up, but for those who would rather not, all of those packages can be found in openprotect (with or without commercial support).

    Now, for the caveat. As is the case with any type of email scanner, it is very resource intensive. As such, I have a dedicated dual Athlon machine which handles scanning for 50-100,000 emails/day and it stays very busy (load over 1, >50% processor utilization).

    --
    Beware of he who would deny you access to information, for in his heart he dreams himself your master.
  5. Re:Nothing really by westlake · · Score: 2, Informative
    Most people don't have broadband; Windows Update takes a long time when all you want to do is get your email.

    Windows Update downloads in the background, and allows other programs the bandwith they need. It should never be a problem, even over dial-up. If you didn't have the patience to wait out the download of SP2 over a slow connection, you could mail order it on CD from Microsoft, no charge, even for postage.

  6. Re:To make them patch their machines...... by jaseuk · · Score: 2, Informative

    We've already had one of those, it caused alot more problems than it solved.

    For more info google for Nachi.

    Jason.

  7. Re:Only 1 way by Anonymous Coward · · Score: 1, Informative

    http://www.alsangels.com/ - Note the strange lipped slit female of the species homo sapiens sapiens have, sometimes with a visible clitoris.

    It hurts to get kicked in the cooch. Probably not as much as in the balls, but as there are very few people indeed in a position to directly compare, and as males tend to have lower pain thresholds than females, it's difficult to say how much less.

  8. Re:White hats... by csirac · · Score: 4, Informative

    Like Welchia?