More details on Sober worm



There’s a bit more detail in this BetaNews article on the Sober worm. They basically say that the next expected “release” is January 8th, and that F-Secure has cracked the “code” of the worm. It appears that the URLs that new versions of the worm are downloaded from are not hardcoded but “pseudorandom”, and they’ve cracked the algorithm the worm uses.


They say they’ve had it cracked since about May of this year, but had kept things close to the vest, only notifying German authorities located where the URLs were to be hosted. They say 99% of the URLs are currently non-existent, but all the virus writer must do is activate one, and then all the currently infected Sober systems start updating. After the January 5/6 check, the virus will check every two weeks for updates.

It is quite a clever “distributed” model that they seem to have employed to keep it from getting snuffed out up until now. Most of the URLs seem to point to accounts that would be hosted at free sites.

It sounds as though this will require continued monitoring and attention until the machines infected by Sober are eliminated.
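The monitoring described above can be sketched as follows. This is an added example, not code from the article or from F-Secure: once the generator is known, a defender can precompute the hosts for each two-week check and flag internal machines that request them. The generator here is a date-seeded stand-in and not Sober's algorithm; the hosting domains, log format, addresses and the year are assumptions.

```python
import hashlib
from datetime import date, timedelta

# Placeholder free-hosting domains (assumption); the post names none.
HOSTS = ["freehost-a.example", "freehost-b.example"]

def candidate_hosts(day, per_day=3):
    """Stand-in generator: NOT Sober's algorithm, only a date-seeded
    deterministic function so the defensive workflow can be shown."""
    out = []
    for i in range(per_day):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()
        out.append(f"{digest[:10]}.{HOSTS[i % len(HOSTS)]}")
    return out

def check_dates(first, count):
    """First check date, then one every two weeks, as the post describes."""
    return [first + timedelta(days=14 * n) for n in range(count)]

def build_watchlist(first, count):
    """Map every precomputed hostname to the check date it belongs to."""
    return {h: d for d in check_dates(first, count) for h in candidate_hosts(d)}

def infected_clients(log_lines, watchlist):
    """Return {client_ip: sorted hostnames} for requests to watched hosts.
    Log format (constructed): '<iso time> <client ip> <method> <url>'."""
    hits = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines
        client, url = parts[1], parts[3]
        host = url.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0].lower()
        if host in watchlist:
            hits.setdefault(client, set()).add(host)
    return {c: sorted(h) for c, h in hits.items()}

FIRST_CHECK = date(2006, 1, 5)  # year is an assumption; the post gives only the day
WATCH = build_watchlist(FIRST_CHECK, count=4)
FIRST_HOST = candidate_hosts(FIRST_CHECK)[0]
SAMPLE_LOG = [  # constructed proxy log lines
    f"2006-01-05T09:12:01 10.0.0.23 GET http://{FIRST_HOST}/update.bin",
    "2006-01-05T09:12:07 10.0.0.41 GET http://www.example.org/index.html",
    f"2006-01-05T09:13:30 10.0.0.23 GET http://{FIRST_HOST.upper()}:80/update.bin",
    "garbage",
]

if __name__ == "__main__":
    print(infected_clients(SAMPLE_LOG, WATCH))
```

Because 99% of the URLs are reported as not yet existing, a request to any watched host is a sign of infection on the client whether or not the request succeeds.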
