Sober worm will strike again

Date: December 09, 2005
Source: InformationWeek
By: Gregg Keizer

A date found embedded in recent variants of the Sober worm provides a clue as to the timing of the next planned attack, a security firm said Wednesday.

The next big Sober worm attack is scheduled to take place January 5, 2006, a date probably picked because it's the 87th anniversary of the founding of a precursor to the Nazi Party, a security firm said Wednesday.

January 5, 2006, was the date embedded in the most recent Sober variants, said Ken Dunham, a senior engineer with Reston, Va.-based VeriSign iDefense, a security intelligence firm.

"We did reverse engineering on the variants, and found this date in the code," said Dunham. "The way this works is that at a pre-determined time, computers already infected with Sober will connect with specified servers and download a new payload, which will likely be spammed out in the millions, as was the last version."

Embedded dates for spreading new malware aren't new. Sobig used it to dramatic effect in 2003, when new versions were pumped out regularly, as old ones were automatically deactivated on set schedules.
Original article

---

Add comment  Email to a Friend