Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

iDefense Exposes Sober Worm Variant Timed with Nazi Party’s 87th Anniversary

  • 08 December, 2005 09:20

<p>iDefense, the cyber security intelligence provider and a VeriSign company (Nasdaq: VRSN), reports that the next planned attack of 2005’s most prolific email worm family, Sober, is scheduled to start on 5 January 2006 based on commands hard-coded within the worm. The attack date coincides with the 87th anniversary of the founding of the Nazi party. Additionally, the attack could have a significant detrimental effect on internet traffic, as email servers are flooded with politically motivated spam emails from potentially tens of millions of e-mail addresses.</p>
<p>In addition to the Nazi party anniversary, the 5 January trigger on the Sober variant appears to also be timed to coincide with a major German political convention meeting the next day - 6 January 2006. In the past, VeriSign iDefense Security Intelligence Services has seen mass distribution of propaganda timed with political events to increase the worm’s notoriety, and help to further circulate it.</p>
<p>“This discovery emphasises the ever-present and often underestimated threat of ‘hacktivism’ – combining malicious code with political causes,” said Joe Payne, vice president, VeriSign iDefense Security Intelligence Services. “Exposing this latest variant required technical and geopolitical analysis that connected the dots to give enterprises and home users plenty of time to shore up their defenses.”</p>
<p>The Sober family appears to be authored by a German speaker or group of German speakers, and is comprised of nearly 30 variants dating to October 2003. Infected e-mails propagate as attachments with a social engineering component, enticing readers to open malicious files with messages using information on current events. Sober is also a bi-lingual worm, sending German-language messages to German e-mail addresses, and English-language messages to other addresses.</p>
<p>iDefense discovered the next phase of the multi-phased Sober attack by reverse engineering and breaking encrypted code in the most recent Sober variant. This variant first began spreading through the Internet on or about 16 November 2005. The computers infected by the 16 Novembe variant began sending another version on 22 November 2005 - a date that coincided with the inauguration of Germany’s first female chancellor - to additional computers posing as emails from the FBI, The United Kingdom’s National High-Tech Crime Unit (NHTCU), German Bundeskriminalamt (BKA) and the CIA. This 22 November variant is designed to download an unknown payload of code on 5 January 2006. iDefense intelligence experts report that this particular variant has already infected millions of systems as a prelude to the 5 January attack, scanning computers’ address books to send hundreds of millions of messages claiming to be from various government entities.</p>
<p>The VeriSign iDefense Security Intelligence Services team provides data that helps protect some of the world’s largest networks in government, financial and retail markets. Its daily intelligence reports on emerging and established cyber threats – including actionable mitigation steps – are considered essential reading by certain industry security personnel, and help drive customers’ proactive network defense strategies.</p>
<p>iDefense analysts perform open-source research on Internet criminal activity in 13 languages and track Internet cybercrime in more than 30 countries. iDefense publishes weekly on hacker groups, cyber crime, software vulnerabilities, phishing schemes and malicious code (viruses, worms, Trojans, spyware and keyloggers).</p>
<p>About iDefense and VeriSign</p>
<p>iDefense, a VeriSign company, provides information security intelligence to the U.S. government and Global 2000 companies, including leaders in financial services, energy, transportation and telecommunications. The company provides customised, actionable, timely and relevant intelligence detailing potential threats, vulnerabilities and security issues directly to C-level executives, general counsels, auditors, senior security managers and staff, and system administrators. Further information is available at www.idefense.com or (703) 480-4602. VeriSign, Inc. (Nasdaq: VRSN), operates intelligent infrastructure services that enable and protect billions of interactions every day across the world’s voice and data networks. Additional news and information about the company is available at www.verisign.com.</p>

Most Popular

Most Popular Reviews

Join the newsletter!

Error: Please check your email address.

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?