The virus writers are certainly busy these days.
One of the latest of the mass-mailing worms is sober.x. This is a variation of the earlier sober.c worm that hit email inboxes during 2003.
sober.x usually claims to be from a 'Steve Allison' who supposedly works for a government agency such as the FBI or CIA, and warns the reader that the agency has been tracking visitors to illegal websites. The message goes on to say that the recipient has been tracked visiting a number, usually 30, of these websites and demands that the recipient answer a list of questions. Needless to say, the message itself is pure, unmitigated BS. The aim is to get the recipient to open an attached ZIP file and allow the virus to install on their PC.
Once the little beast has made a nest for itself, sober.x may attempt to disable security and firewall programs, replicate itself by sending messages to contacts found in e-mail address books, block access to various security web sites, and open security holes that allow outsiders to gain unrestricted access to personal information stored on the PC.
The FBI has issued a warning about sober.x:
"The FBI today warned the public to avoid falling victim to an on-going mass e-mail scheme wherein computer users received unsolicited e-mails purportedly sent by the FBI. These scam e-mails tell the recipients that their Internet use has been monitored by the FBI and that they have accessed illegal web sites. The e-mails then direct recipients to open an attachment and answer questions."
"The e-mail appears to be sent from the e-mail addresses of mail@fbi.gov and admin@fbi.gov. There may be other similarly styled addresses. The recipient is enticed to open the zip attachment which contains a w32/sober.jen@mm worm. The attachment does not open and its goal is to utilize the recipient's computer to garner information. Secondly, the virus allows the e-mail to be forwarded to all those listed in the recipient's address book."
There are a variety of Subject Lines that are used in the delivery package including:
* hi, ive a new mail address
* Mail delivery failed
* Paris Hilton & Nicole Richie
* Registration Confirmation
* smtp mail failed
* You visit illegal websites
* Your IP was logged
* Your Password
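For anyone running their own mail filtering, the indicators above (the listed subject lines, the spoofed fbi.gov senders from the FBI warning, and the ZIP attachment) can be combined into one check. This is an added example, not code from the original post; the function names, the quarantine rule and the sample messages are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators taken from the post: subject lines and spoofed sender addresses.
SUBJECTS = {
    "hi, ive a new mail address", "mail delivery failed",
    "paris hilton & nicole richie", "registration confirmation",
    "smtp mail failed", "you visit illegal websites",
    "your ip was logged", "your password",
}
SPOOFED_SENDERS = {"mail@fbi.gov", "admin@fbi.gov"}

def has_zip_attachment(msg):
    """True if any attachment is a ZIP by file name or by its magic bytes."""
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(".zip") or payload.startswith(b"PK\x03\x04"):
            return True
    return False

def score_message(raw_bytes):
    """Return the list of indicators from the post that this message matches."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in SUBJECTS:
        hits.append("subject")
    if parseaddr(str(msg.get("From", "")))[1].lower() in SPOOFED_SENDERS:
        hits.append("sender")
    if has_zip_attachment(msg):
        hits.append("zip")
    return hits

def should_quarantine(raw_bytes):
    """Quarantine when a ZIP attachment arrives with a known subject or sender."""
    hits = score_message(raw_bytes)
    return "zip" in hits and len(hits) >= 2

def build_sample(subject, sender, attachment=None):
    """Constructed sample mail for testing; attachment is (filename, bytes)."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, sender, "user@example.org"
    m.set_content("constructed test body")
    if attachment:
        m.add_attachment(attachment[1], maintype="application",
                         subtype="octet-stream", filename=attachment[0])
    return m.as_bytes()
```

A subject or sender match on its own is not quarantined, because subjects such as "Mail delivery failed" and "Your Password" also appear on legitimate mail.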
As is all too often the case, only PCs running any flavor of Microsoft's Windows can be infected. (One must wonder how much longer consumers will put up with Windows' truly horrendous security track record. It also begs the question "why would anyone trust any Microsoft product to be secure?")
Most anti-virus products are either able to detect this beast now or will be able to very soon. As always folks, keep those definition files up to date and NEVER open an attachment unless you are positive about what it contains and where it came from!
A couple of things to keep in mind. First, if you are like most folks connected to the internet you are using a dynamic IP address. This means each time you connect, you get a different IP address which makes it pretty darned tough to track anything that you do. Second, no government agency will ever send a message like this. If they really are concerned about your activities, you are much more likely to receive a personal visit.
Most of our clients are Windows users. Despite grave misgivings about the security of Windows, we do understand that for many, if not most, folks, there really is no other viable option. All operating systems contain security concerns. But this should not deter people from using the internet. Simple precautions such as using anti-virus software and/or firewalls will go a long way towards providing reasonable security. Dealing with service providers who include frontend anti-virus and anti-spam filtering is another good precaution.
But in the end folks, your online security is your responsibility. It is up to you to make sure that reasonable precautions are in place, that anti-virus products are up to date and that you are not opening any attachments.
Rich
Dogsoldier.com LLC
Friday, December 02, 2005