Microsoft advisory on Sober “Awakening”



Microsoft has posted a security advisory (912920) on the previously reported “awakening” of the Sober worm, expected January 6th.

Systems that are infected with Win32/Sober.Z@mm may download and run malicious files from certain Web domains beginning on January 6, 2006

Further they give the following note….

Microsoft will release an updated version of the Malicious Software Removal Tool on January 10, 2006, that will further assist in the detection and removal of known malware threats including Sober and its known variants. See Microsoft Knowledge Base Article 891716 for additional details on how to deploy the Malicious Software Removal Tool with the latest definitions to help protect against malware.

So, four days after it’s release they’ll have an update for the malicious software removal tool, hopefully with new signatures for the latest variant. How convenient, that is their scheduled security patch day.

This is the kind of coordination you would hope for from virus writers to conveniently release a new version just a couple days before a patch. Contrast this to the wreckless release of a security vulnerability last week in wmf files…. (Ok sarcasm off…..)

   Send article as PDF   

Similar Posts