Wednesday, November 23, 2005

Analysing W32/Sober@MM!M681 and more Bagles arriving ...

Well, it seems we will get some busy days ... a new wave of Bagles arrived just minutes ago, as if our outbreak of the new Sober variant weren't enough. Sober variants are well known for complex replication patterns and payloads. They have also been using spoofed e-mail addresses in the "From:" field, pretending to come from the FBI; reason enough for many unsuspecting users to fall victim to the worm. Sober.K, discovered on February 21, 2005, was the first to use this. W32/Sober@MM!M681, which is currently the most popular variant, started spreading actively on Monday, November 21. Although it was released last week, it didn't really pick up speed until Monday and Tuesday, thanks to the help from a couple of other variants in the family, one of the complex replication patterns mentioned above. The outbreak is medium-sized and large enough, but according to my statistics, it's no match for, say, Sober.a back in 2003.
BELGA, the Belgian press agency, interviewed me today about the situation in Belgium, which seems stable at this moment. It seems, however, that they didn't quote me 100% correctly. Let's see how the press will pick this up tomorrow morning in the newspapers. 'De Tijd' (newspaper) already called me for some more detailed explanation.