Variants of the “Sober” e-mail worm have been arriving in millions of e-mail inboxes over the past several days. Many of them have been posing as fake messages from the CIA or FBI, warning recipients that their Internet addresses have been identified as having conducted illegal activities online. Clicking on the messages exposes the users’ computers to control by whoever sent the messages.
The engineers at Helsinki, Finland-based F-Secure’s Security Labs have raised the Sober.Y worm to the company’s highest security alert level. The FBI also has put out a public warning on the case.
The first Sober worm appeared in late 2003, and F-Secure says it believes all 25 variants of it have been written by the same individual, operating from somewhere in Germany. The motives behind it are unclear.
The outbreak marks a change from recent hacker activity, which for the past year or so has been geared more toward small-scale attacks with financial motives.
“Security efforts have often been geared toward preventing large global threats, and security people have been fighting a lack of caring by customers who weren’t seeing the big attacks,” says Vincent Weafer, senior director of Symantec’s Security Response division. This new threat should help change that mindset, albeit not for the proactive reasons security experts would prefer.
Partners who work with antispam and antivirus technologies say, for better or worse, attacks such as this are causing their businesses to boom.
“Of all the things we do, antispam probably is the most active,” says Cameron Spitzer, proprietor of Truffula Networks, a security consultant and services provider in San Jose, Calif. “Spammers are getting worse, and the government’s not doing a damn thing about it. It’s causing capacity issues in small businesses and sometimes just dragging systems down. The biggest problem for the overall security economy is the relentless search by spammers for new hosts.”
