I had an odd experience the other day and would like to get some feedback on what some of you think happened here. I get a call from one of my clients and they say they have an urgent problem. I calm them down and ask them what is going on. They tell me they received a call from their ISP who told them they have a virus.
This seemed odd to me at first but I played along. I asked them which virus it was. She told me it was the W32.Sober.O virus. That seems very specific. After doing some research on this virus I come to find out it turns the affected host into an SMTP server and starts mailing itself out. Nothing new here.
I personally have never heard of an ISP calling someone to tell them they have a virus, especially a cable provider. I asked around to some techie friends and they haven't heard of this either. We all agreed that they wouldn't make this call unless there was a major DoS as a result of it.
In any case I decide better safe than sorry. I check the outgoing traffic and see nothing out of the ordinary. I scan some of the machines (there's only 7 to start with) and find nothing. Nothing at all.
The real odd part about this whole deal is, this particular company has 3 offices. 2 of the offices use the same ISP and the third (main) office uses a different one as it is in a very different geographic area. The person who reported this virus to the company told them that all three offices had the virus. I highly doubt an ISP would be able to, or even care to, find out if another ISP has a client with a virus on it.
All in all this sounds like some kind of hoax or phish but what really bothers me is I can't really put my finger on what this caller has to gain from this. It caused no downtime and only about 20 minutes of diagnostics. Were they just trying to incite panic? Has anyone else had similar experiences?