Sober worm infections cue up January attack
Posted on 8 Dec 2005 at 16:36
Security company iDefense claims a further attack triggered by Sober worm infections will occur on 6 January 2006, based on code within the last variant unleashed at the end of last month.
The US company says that it reverse-engineered and decrypted elements of the worm's code and discovered that it is scheduled to download further code from the Internet on that date - a date which coincides with the 87th anniversary of the founding of the Nazi party. Past variants of the Sober worm have also included Nazi messages.
'This discovery emphasizes the ever-present and often underestimated threat of "hacktivism" - combining malicious code with political causes,' said Joe Payne, Vice President, VeriSign iDefense Security Intelligence Services. 'Exposing this latest variant required technical and geopolitical analysis that connected the dots to give enterprises and home users plenty of time to shore up their defenses.'
The slew of variants sent out last month triggered the epidemic of the year for virus infections, causing most antivirus vendors to issue their top-level risk alerts.
The timing of these versions was also significant, as it coincided with the inauguration of Germany's first female chancellor. Again, the attack scheduled for next year comes a day before a major German political convention meeting.
The author, or authors, are thought to be German: the Sober worm uses text in both English and German, depending on the domain of the email address to which it is being sent.
And German authorities have been tracking down those responsible for some time now.
The Bavarian police accurately predicted at least one variant of November's Sober outbreak, both in terms of timing and content, based on evidence gathered from their investigation.
Yet the Sober authors seem to have little concern for those closing the net on them. Recent versions of the virus have claimed to come from the German Bundeskriminalamt police, as well as the FBI, the CIA and the UK's National High-Tech Crime Unit (NHTCU). So if Sober wasn't on their radar before, it is now.
Given that it is now known from which servers Sober will download new code for the programmed attack in January, it is highly likely that these will quickly be shut down.
This will of course mean that another outbreak of Sober will be needed in order to seed enough infections for future attacks.
Author: Matt Whipp
Printed from www.pcpro.co.uk

