Fighting Sober

by Bob Seidel

Yes, thank you, I did have a nice Thanksgiving holiday - and I hope you did also. In discussing Sober, I am not referring to how much I had (or didn't have) to drink on Thanksgiving, but to the latest versions of that nasty Internet worm that appeared when I got back. I knew something was "up" because I started to receive calls from clients when I was away asking about the infected emails they were receiving or saying that they had actually been infected.

It's not worth getting off into the technical weeds to discuss the difference between a worm and a virus, but both are detected by anti-virus programs. Worms usually don't do any damage to your PC if one gets in, but they can clog up email networks because they send out so many copies of themselves from infected PCs.

The Sober Worm has been around for about a year, in different variants. But the one that became active around Thanksgiving seemed to be targeted at "Cyber Monday" - considered the first and most active online shopping day. The worm travels in emails, and employs social engineering techniques to tease you into opening the email. If your anti-virus program is not functional or not up to date, at that point you have the worm and it will start spreading from your PC to others.

There were two differences in this version of Sober. This version was much more virulent, and seemed to be sending out many more emails from infected PCs than previous versions. Also, its social engineering had hit on a Subject for the emails that did in fact get people to open them. The email claimed to be from the FBI and said that you had been caught going to bad websites! Well, of course not, but it was enough to spook lots of people into opening it. Another email subject complained about a password problem, and a third about rejected email.

The enormous number of emails coming into my clients' inboxes was overwhelming. None of my clients seemed to be actually catching the worm, but just handling the junk in the inboxes was very annoying. At least one email service was not accessible, probably because its email servers were overloaded. But the virulence of the worm worked against it. When people started getting so many emails with the same subject, it became obvious that they were bogus.

So what can you do? First of all, you need to have one of the major anti-virus programs on your PC and need to make sure it is receiving automatic updates. Most people these days would say that they have this in place, but if that were so, the worm would not have spread. The anti-virus program will keep the worm from installing on your PC.

But what do you do about the flood of emails that come to your PC? Well, there isn't much you can do. As time goes on, the various servers that handle email will be programmed to flush these emails, but that will take a bit of time, and one of the characteristics of Sober is that it changes or morphs, making detection more difficult.

One thing you can do is to first sort your email by subject. If you have multiple instances of this junk, you will easily see it and delete the whole batch of them. Another technique is to use web-based email to check your email first before turning on your email program. If you are a local Road Runner user, you can go to http://webmail.ec.rr.com and if you are a Bell South DSL user you can go to http://www.bellsouth.net and click on Check Email. You will need your account login and password. Using web-based email will let you delete the emails before they ever get to your PC.

But the simple fact is that if you and everybody else just had good anti-virus software, the worm would never have spread. Encourage your friends and associates at work to check their PCs.

(Bob Seidel is a local computer consultant in the Southport - Oak Island area. You can visit his Website at www.bobseidel.com or e-mail questions or column ideas to him at bsc@bobseidel.com. For specific inquiries, please call Bob Seidel Consulting, LLC at 278-1007.)