Latest Sober variant set to launch attack on Jan. 5

[Guest guest]

Latest Sober variant set to launch attack on Jan. 5

If the attack occurs, it could flood e-mail servers, according to Verisign

 

News Story by Jaikumar Vijayan

 

DECEMBER 07, 2005 (COMPUTERWORLD) - Commands hard-coded in the latest variant

of the Sober worm indicate that its next major attack is scheduled for Jan. 5,

according to security firm Verisign Inc.'s iDefense cyberintelligence service.

The attack trigger coincides with the 87th anniversary of the launch of the Nazi

party and also appears to be timed to coincide with a major German political

convention meeting the next day, the company said in a statement today. " If the

attack goes into effect, we could potentially see a flooding of e-mail servers,

and that is going to have an impact on e-mail service, " said Ramses Martinez,

director of malicious code operations at iDefense.

 

The Sober worm and its variants -- believed to have been initially authored by

German hackers -- have emerged as the year's most prolific pieces of malware and

are believed to be responsible for infecting tens of millions of computers

worldwide.

 

The version programmed to launch the Jan. 5 attack started spreading on Nov.

22, the inauguration date of Germany's first female chancellor, Verisign said.

The company's researchers discovered the code by reverse-engineering encrypted

code in the Nov. 22 variant.

 

That variant is one of a slew of Sober variants that appeared around that

time; it can send out copies of itself at a much faster rate than earlier

versions, said Martinez.

 

It poses as e-mails from the FBI, the CIA and the National High-Tech Crime

Unit in the U.K, and it may have already infected millions of computers

worldwide as a prelude to the January attack, according to Martinez. " It is also

going to trigger a download event on Jan. 5 to download additional code " to

infected systems. \n 

\nAt this point, it is not clear what the worm is programmed to download, he

said, noting that many of the download servers appear to be located in Germany

and Austria.

\n 

\n 

\n 

\n\n\n\n\n\n\n\n\n\n\n\n

 

\n\nPost message: Our_FunHouse

\n

\nUn:  Our_FunHouse-

\nList owner:  Our_FunHouse-owner

\n

\nif you need anything at all contact

" ,1] ); //-->

 

At this point, it is not clear what the worm is programmed to download, he

said, noting that many of the download servers appear to be located in Germany

and Austria.

 

 

 

 

 

" When the power of love becomes stronger than the love of power, we will have

peace. "

Jimi Hendrix