Outbreak Name: W32/Sober-Z
Outbreak Date: 11-21-05
IronPort's Virus Outbreak Filters Protect Customers from Sober Outbreak Additional 4 Hours and 38 Minutes Protection
Background
IronPort's Virus Outbreak Filters protects customers within the critical period between the first exploit of a virus outbreak and the release of an AV signature. During the recent Sober variant outbreak, W32/Sober-Z, Outbreak Filters users were protected 4 hours and 38 minutes before an AV signature was available from any of the major AV vendors*. W32/Sober-Z is an extremely widespread and malicious virus that spreads primarily by sending spoofed emails from the FBI, CIA or the German Bundeskriminalamt (German Federal police service) informing recipients that that their internet use has been monitored and that they have accessed illegal web sites. The e-mails then direct recipients to open an attachment and answer questions. If opened, this attachment may take the following malicious actions: disable personal firewalls and AV engines, harvest email addresses and send viral messages to these addresses and open backdoors to enable remote control of the infected PC.
Timeline
Outbreak Details & Timeline
| Date | November 21, 2005 |
| Name** | W32/Sober-Z (Sober variant) |
| 20:07 GMT | Virus Threat Level raised and protection starts |
| 00:45 GMT - the next day | First anti-virus signature published* |
Benefits
4 hours and 38 minutes of additional protection with Virus Outbreak Filters
* Calculated as first publicly published signature from any of the following vendors: Sophos, Trend Micro, Computer Associates, Kaspersky Labs, Symantec or McAfee. If signature time is not available, first publicly published alert time is used.
** As named by Sophos.
