Security research outfit iDefense has discovered a date buried in the code of the Sober worm which reveals when the next attack will occur.
So in the haze of post New Year’s revellry don’t forget to update your malware defences in time for what couldbe the first major attack for 2006. The New Year’s first Worm attack is expected on January 5th, the 87th Anniversary of the founding of Germany’s Nazi Party.
Verisgn company, iDefence, says 2005’s most prolific email worm family, Sober, is scheduled to flood the Net with politically motivated spam emails from potentially tens of millions of zombies.
The attack, which also appears to be timed to coincide with a major German political convention on
“This discovery emphasises the ever-present and often underestimated threat of ‘hacktivism’ – combining malicious code with political causes,” said Joe Payne, vice president, VeriSign iDefense Security Intelligence Services. “Exposing this latest variant required technical and geopolitical analysis that connected the dots to give enterprises and home users plenty of time to shore up their defenses.”
The Sober family appears to be authored by a German speaker or group of German speakers, and is comprised of nearly 30 variants dating to October 2003. Infected e-mails propagate as attachments with a social engineering component, enticing readers to open malicious files with messages using information on current events. Sober is also a bi-lingual worm, sending German-language messages to German e-mail addresses, and English-language messages to other addresses.
iDefense discovered the next phase of the multi-phased Sober attack by reverse engineering and breaking encrypted code in the most recent Sober variant. This variant first began spreading through the Internet on or about
This latter variant is designed to download an unknown payload of code on
www.verisign.com.au
