The reality is that there could have been hundreds of thousands of computers with overwritten files today. Instead, we only have a handful of reports, and that is a hands-down victory for the collaborative effort of the security community.
The threat level for this vulnerability may be dramatically increased if more automated methods of distribution are found to be successful, such as e-mail or IM or file shares. The impact of attacks may also increase, with more sinister codes being installed as new hackers attempt to leverage the vulnerability to their advantage.
Then, we thought maybe the police had gotten inside the group that made Sober and might be close to an arrest. But now it's likely that they found a date coded inside an earlier version of the worm.
There are plenty of ways to get around all of those things.
There's no such thing as [malicious] software melting hard drives.
There's no way for you to know whether a site is dangerous for a WMF exploit.
They're bloodsucking mosquitoes. You just can't get them all.
This could serve as a springboard for more attacks on the Macintosh because it might spawn copycats.
This increases the likelihood of exploitation, but widespread exploitation has not been identified to date.
This is a social engineering worm written in Russian. It is interesting when you look at it. This is a Java-based type of threat and it has been proven to be successful. We need to look at this and see what is going to be the threat down the road.
This is not something I would expect to yield very high profits for criminals as compared to other types of financial fraud and extortion that might take place. Many people have backups of their files, and now the code has been cracked.
This is one of those big, under-the-radar threats that we've been concerned about. There has been a trend away from big-bang attacks to very targeted and sophisticated attacks that take place right under your nose. This is one of them.
We did reverse engineering on the variants, and found this date in the code. The way this works is that at a pre-determined time, computers already infected with Sober will connect with specified servers and download a new payload, which will likely be spammed out in the millions, as was the last version.
We don't know if it's fraud-related or whatever. Clearly, they're being silently and illegally installed, at a minimum, for personal profit and they may also involve fraud or exploitation. I think the next week is going to be the most telling and the most significant in terms of risk.
WMF exploitation has taken off in the past twelve hours. It's likely that WMF exploitation will be very successful in the near term.