Sober.Q Virus Held in Check at SafetySend - Published: May 18, 2005

SafetySend protects all of its HIPAA and GLB clients and foils a new variant of the Sober virus.

SafetySend clients were not compromised by the latest penetration, which began on Friday the 13th. The virus continued to send infected hate messages worldwide over the weekend. Sober.Q spread hate messages in German and English while infecting PCs. Although millions of people were infected and damaged, our web servers did what they were designed to do: stop viruses and spam and protect confidential information.

Many security companies say that they received hundreds of thousands of e-mails generated by Sober.Q in its first day. This latest variant of Sober was uploaded to computers that were most likely infected by previous variants of Sober, meaning the virus authors may have had remote control over thousands of PCs.

The SafetySend security group estimates over 100,000 penetration attempts. The security group reconfigured proprietary code and encryption algorithms to prevent the loss of Protected Health and Financial Information. As a result, no users of SafetySend received Sober.Q via SafetySend and no files were lost or penetrated. The system was held in “safe mode” for approximately two hours on May 16. The resource requirements of this attack did slow access to email via the web; Outlook users suffered no interruption in service.

MX Logic's threat center categorized it as a threat of high severity and reported seeing more than 125,000 instances of the Sober.Q worm. Internet security specialist SurfControl reported seeing over 1,000 spam e-mails within hours of the initial outbreak. The company indicates this level is about 40 times the usual number.

Within the last week, antivirus companies were issuing warnings that the previous and less aggressive Sober variant had unexpectedly modified its behavior and stopped proliferating. Antivirus companies warned that the previous Sober variant, disguised as tickets to the Soccer World Cup in 2006, had gone into a quiet period. The momentary calm in activity seemed to have been planned by the virus writers to lay groundwork for this latest attack. The latest variant's purpose seemed to be to open secure networks, infect user PCs and distribute hate mail.

SafetySend, Inc. provides secure communication technology for compliance with HIPAA (Health Insurance Portability and Accountability Act) and GLB (Gramm-Leach-Bliley) to cover regulatory requirements for electronic communication and data transfer.

# # #

Contact Author

Michael Sharp