Security research outfit iDefense has discovered a date buried in the code of the Sober worm which reveals when the next attack will occur.

So in the haze of post New Year’s revellry don’t forget to update your malware defences in time for what couldbe the first major attack for 2006. The New Year’s first Worm attack is expected on January 5th, the 87th Anniversary of the founding of Germany’s Nazi Party.

Verisgn company, iDefence, says 2005’s most prolific email worm family, Sober, is scheduled to flood the Net with politically motivated spam emails from potentially tens of millions of zombies.

The attack, which also appears to be timed to coincide with a major German political convention on 6 January 2006 is part of a growing trend to mass distribution of propaganda timed with political events.

“This discovery emphasises the ever-present and often underestimated threat of ‘hacktivism’ – combining malicious code with political causes,” said Joe Payne, vice president, VeriSign iDefense Security Intelligence Services.  “Exposing this latest variant required technical and geopolitical analysis that connected the dots to give enterprises and home users plenty of time to shore up their defenses.”

The Sober family appears to be authored by a German speaker or group of German speakers, and is comprised of nearly 30 variants dating to October 2003.  Infected e-mails propagate as attachments with a social engineering component, enticing readers to open malicious files with messages using information on current events.   Sober is also a bi-lingual worm, sending German-language messages to German e-mail addresses, and English-language messages to other addresses.

iDefense discovered the next phase of the multi-phased Sober attack by reverse engineering and breaking encrypted code in the most recent Sober variant. This variant first began spreading through the Internet on or about 16 November 2005. Computers infected with that worm began sending another version on 22 November to coincide with the inauguration of Germany’s first female chancellor – these are the FBI emails flooding the Internet.

This latter variant is designed to download an unknown payload of code on 5 January 2006.


Incase LeaderBoard 728x90 January 5 Worm Attack Planned
COVR X1870 728x902 January 5 Worm Attack Planned
728x90 1 January 5 Worm Attack Planned
Versa3 Leaderboard 728x90 January 5 Worm Attack Planned
SmartHouse Yoga Slim Carbon 728 x 90 January 5 Worm Attack Planned
728x90 January 5 Worm Attack Planned
Sero 728x90 January 5 Worm Attack Planned
JBHIFI Pre order Ampere 728 x 90 media January 5 Worm Attack Planned
728x90 7 January 5 Worm Attack Planned
Uniden PRO 728 x 90 January 5 Worm Attack Planned