Unfortunately, many who are infected with Sober.P may be unaware of the infection - even if using updated antivirus software. Sober.P blocks access to its files, preventing many antivirus products from detecting the threat. Or, the antivirus may detect and clean one or two infected files, but leave the bulk of the infection intact. In order to detect and remove Sober.P reliably, update your antivirus software, boot into Safe Mode, and then run a complete system scan.
A growing trend
Email worms used for the ultimate purpose of spam may be a growing trend. PandaLabs, the research arm of Panda Software, have reported a 278% increase in malware detected in recent months compared to the third quarter of 2004.
According to Luis Corrons, director of PandaLabs: “Until now, daily updates were considered sufficient for keeping a computer protected from new viruses, and it is exactly this belief that the creators of malicious code are now looking to exploit."
Corrons explains that virus writers rapidly unleash new variants in the hopes of capitalizing on the so-called 'window of vulnerability' - the time between when the new virus is discovered and the time signature updates are released to counter it.
Vendors are approaching the problem in a variety of ways. Antivirus vendor Kaspersky releases hourly updates in an effort to identify new variants as quickly as possible. And Panda Software, in conjunction with their traditional antivirus products, offers TruPrevent heuristic detection, designed to tackle unknown threats without requiring signature updates.
In tests performed by ICSA Labs, TruPrevent was able to detect 92 of 93 malware samples without signatures. TruPrevent can be used with existing antivirus software (even from companies other than Panda Software) and is included with many of Panda Software's own products. For more information, see: