Secret code lurks in Sober variant

Security vendors say a Sober variant is programmed to download a mysterious piece of code on Jan. 5, 2006, potentially triggering another attack.

Security vendors have discovered a variant of the Sober worm which they say is programmed to download an unknown piece of code from various Internet addresses early next month, launching a potential barrage of traffic on the Internet.

iDefense said it broke the encrypted code in a Sober variant discovered last month and found that it is designed to download the unknown code from various Web addresses on Jan. 5, 2006. Millions of "zombie" computers may already be infected with the variant, the company said.

The date happens to coincide with the 87th anniversary of the Nazi Party. The release of worms has been tied to political events in the past, iDefense noted, a kind of "hactivisim" designed to distribute propaganda.

Mikko Hypponen, chief research officer for F-Secure, said the worm will try to download the mystery code from 14 URLs (Uniform Resource Locators) at four different ISPs (Internet service providers). F-Secure has contacted those ISPs, all in Austria and Germany, and requested that the addresses be blocked before the trigger date. At least one of them has responded positively, he said.

The writer of the worm doesn't seem interested in money, Hypponen said. The code may end up downloading propaganda to a user's computer, or it may distribute further malicious code which then sends out messages to other computers, clogging the Internet.

The Sober variant synchronizes itself with an online atomic clock to coordinate the attack, and the URLs many be scheduled to go online just before the code is activated in users' computers, Hypponen said. The addresses, which were obtained by cracking the code, do not currently work, he said.

Many of the Sober variants have spread by appearing to be e-mails from the U.S. Federal Bureau of Investigation or Central Intelligence Agancy or other law enforcement agencies. After malicious code in an attachment is executed, the worm spreads by sending itself to other e-mail addresses contained on the infected PC.

The Sober worm has been the most prevalent nuisance of the year. It has appeared in more than 30 variants since it was first found in October 2003, iDefense said. It's believed to have been created in Germany, and also uses appears in the German language.

Recommended

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?