Slashdot Mirror


Sober.P Worm Accounts for 5% of all Email Traffic

destuxor writes "The grave insecurity of the day is the Sober.P worm which is currently pushing nearly 5% of all email traffic at the moment. Unlike previous worms, Sober can disable the Windows Firewall and Symantec Antivirus. Interestingly, patched machines are not vulnerable to the exploits used by this worm. What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?" Update: percentage corrected.

8 of 451 comments

  1. Re:Nothing really by Short+Circuit · Score: 3, Interesting

    That works, until they or a relative disable it.

    Most people don't have broadband; Windows Update takes a long time when all you want to do is get your email.

    Now, if they graduated from an HTTP download to rsync, the download size would be significantly smaller.

    An even better solution would be to have the source code on the computer, and have the machine compile the patches locally from a (much quicker to patch) source code. Of course, they'd need to find a way to securely encrypt the source code so those "evil GPL coders" don't peek.

  2. Trusting MicroSoft by KiloByte · Score: 4, Interesting

    What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?

    The problem is, MicroSoft went a long way to tell people that no, they can not trust them when it comes to privacy. People from random businesses around here are pretty paranoid now -- I've talked to the CEO of a ~300-employee company who, albeit a non-technical user himself, went on a long tirade about not letting Windows phone home.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.

  3. Windows Update is useless to dialup users by LTSharpe · Score: 3, Interesting

    I have tried using Windows Update on several machines over the years ever since it came out. All I ever receive in return are page script errors, stalled connections and general frustration of all kinds. I especially hate waiting for it to do something after god knows how long only to have it error out and start all over again. I gave up on Windows Update long ago, which is fine because I generally follow and advise others to follow the rule of 'if it ain't broke then don't fix it'.

  4. Interestingly? by merdaccia · Score: 3, Interesting

    Interestingly, patched machines are not vulnerable to the exploits used by this worm.

    Isn't life full of little surprises!

    --

    *blinking cursor*

  5. Re:Nothing really by Short+Circuit · Score: 5, Interesting

    It doesn't have to be in the same high-level language the OS was written in; it could be a compiler-specific intermediate language, like GCC's SSA.

    Such an arrangement offloads some of the compiling process to Microsoft's servers, and obfuscates the patch.

    The compiler included with the OS doesn't even have to support any other language. And it can require a signed certificate from Microsoft to accept the code.

  6. The only way to wake people up by NtroP · Score: 5, Interesting

    Remember the good old days when viruses did real damage? Remember when they actually did format your hard drive or screw up your boot sector? That made people sit up and take notice.

    If virus writers ever changed their tactics from one of "sneak in and just borrow their CPU cycles and bandwidth for my bot-net" to one of "let's infect, spread, then kick them in the nuts" people would take notice once again.

    Several years ago there was a virus that went around replacing jpegs with copies of itself (or something). My friend had a struggling web-hosting business where he hosted websites for about 100 different small mom-and-pop shops. Even though I warned him about the risks of viruses and that he should run his site with Linux/Apache he didn't listen. That virus wiped him out.

    No, he didn't have up-to-date backups. But guess what? He keeps meticulous backups now and keeps his computers patched with up-to-date virus software and only connects to his web server via ftp (no mounted shares any more).

    Alas, he still hasn't embraced Linux or OS X, but at least he's not part of the problem any more.

    Just think what would happen if a virus spread around and just looked for .xls files and quietly changed all the 3's to 7's? How far back would companies have to go into their backups to be sure they had a known-good copy? D'ya think they might take viruses and security more seriously then?

    The last major hassle we had with a worm was primarily due to the enormous amount of traffic it generated, bringing our networks to their knees. That was an annoyance to management, but they saw it as a network problem - not a virus/worm/security problem.

    One of these days someone or some group is going to unleash a virus that really IS going to do real damage. Maybe then people will realize that they aren't sitting in front of an internet toaster, but a sophisticated computing device that has a tremendous impact on many aspects of all of our lives.

    --
    "terrorism" and "pedophilia" are the root passwords to the Constitution

  7. Re:Reading the article? by glsunder · Score: 3, Interesting

    it only comprises 4.65 percent of all email traffic? Where does this article say 25 percent???

    Maybe they're not counting spam?

    My mail server saw the first one on May 2nd. As of today (the 8th) at 4am, 419 were blocked. 11883 emails came into the system over that time, so about 3.5% of our traffic was Sober.P. That's not 5%, but still pretty high. It shot right past virus #2: SomeFool.Gen-1.

  8. What M$ really needs to do. by MrEcho.net · Score: 3, Interesting

    We all know Microsoft has a lot of money. Why don't they just send out a s*** load of patch CDs just like AOL does?
    Also keep a numbering system on the CDs that any moron can keep track of.
    Hell, I'm sure you could get away with putting them in common places, like Best Buy, Walmart, Safeway, etc.