Greg Sandoval at CNET:
The pesky Sober worm is to blame for disrupting e-mail traffic between Comcast account holders and users of Microsoft-based e-mail, Redmond said on Friday.
A variant of Sober known as Win32/Sober.Z@mm is pummeling servers at Hotmail and MSN with “unusually high mail load,” causing delays in e-mail delivery to Hotmail and MSN customers, said Brooke Richardson, MSN’s lead product manager. Richardson also indicated that Internet service providers besides Comcast may be having problems directing e-mail to Hotmail and MSN servers.
“We are working with Comcast and other ISPs to address (the) issues,” Richardson said. “We’re actively working to take the appropriate steps to remedy the situation as rapidly as possible. We sincerely apologize for any inconvenience.”
Sober variants have reached epidemic proportions this week – Latest Sober worm becomes most widespread virus yet:
A recent outbreak of the latest Sober worm has become the largest e-mail virus yet, according to several e-mail security vendors. The success of the latest Sober was due, in part, to it posing as a message from the FBI or CIA.
Quotes from the vendors are in the article.
The worm arrives as a .zip file attachment in either German or English. The message appears to be from the FBI, CIA or German Bundeskriminalamt (BKA) and accuses recipients of visiting illegal web sites. The message asks recipients to answer questions in an attachment.
Some infected messages reference the German version of “Who Wants to be a Millionaire” and US star Paris Hilton.
That ought to add to the believeability of a missive from the police.
The worm disables antivirus programs and hijacks Windows-based computers, forcing them to send continuous spam e-mails that overwhelm servers and slow down networks.
Helsinki, Finland-based security outfit F-Secure Corp said it believes all 25 variants of the Sober virus have been written by the same individual, operating from somewhere in Germany.