More details on Sober worm
There’s a bit more detail in this BetaNews article on the Sober worm. They basically say that the next expected “release” is January 8th and that F-Secure has cracked the “code” of the worm. It appears that the URLs that new versions of the worm are downloaded from are not hardcoded, but “pseudorandom”, and they’ve cracked the algorithm the worm uses.
They say they’ve had it cracked since about May of this year, but had kept things close to the vest, only notifying German authorities located where the URLs were to be hosted. They say 99% of the URLs are currently non-existent, but all the virus writer must do is activate one and then all the currently infected Sober systems start updating. After the January 5/6 check, the virus will check every two weeks for updates.
It is quite a clever “distributed” model that they seem to have employed to keep it from getting snuffed out up until now. Most of the URLs seem to point to accounts that would be hosted at free sites.
It sounds as though this will require continued monitoring and attention until the machines infected by Sober are eliminated.
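The monitoring described above, sketched as an added example (not code from this post, BetaNews or F-Secure): once the generator is known, a defender can precompute the URLs for each two-week check date and flag internal machines that request them. The date-seeded generator here is a stand-in, not Sober's algorithm, and the hosting domains, log format, sample year and all function names are assumptions.

```python
import hashlib
from datetime import date, timedelta
from urllib.parse import urlsplit

# Constructed free-hosting domains (placeholders, not taken from the worm).
HOSTS = ["freehost-a.example", "freehost-b.example", "freehost-c.example"]

def candidates(day, count=5):
    """Stand-in date-seeded generator, NOT Sober's algorithm: (host, account) pairs."""
    out = []
    for i in range(count):
        h = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()
        out.append((HOSTS[int(h[10:12], 16) % len(HOSTS)], h[:10]))
    return out

def check_dates(first, until, interval_days=14):
    """First check date, then one every two weeks, up to and including `until`."""
    days, d = [], first
    while d <= until:
        days.append(d)
        d += timedelta(days=interval_days)
    return days

def build_watchlist(first, until):
    """Map every (host, account) candidate to the check date that produces it."""
    return {c: d for d in check_dates(first, until) for c in candidates(d)}

def flag_clients(log_lines, watchlist):
    """Return {client_ip: {check dates}} for proxy requests that hit the watchlist.
    Constructed log format: '<timestamp> <client-ip> <url>'."""
    hits = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        url = urlsplit(parts[2])
        segments = [s for s in url.path.split("/") if s]
        key = ((url.hostname or "").lower(), segments[0] if segments else "")
        if key in watchlist:
            hits.setdefault(parts[1], set()).add(watchlist[key])
    return hits

# Constructed sample data; the year is an assumption for the example.
FIRST, UNTIL = date(2006, 1, 6), date(2006, 2, 10)
WATCH = build_watchlist(FIRST, UNTIL)
host, acct = candidates(date(2006, 1, 20))[2]
SAMPLE_LOG = [
    f"2006-01-20T09:14:02 10.0.0.5 http://{host.upper()}/{acct}/file",
    "2006-01-20T09:14:05 10.0.0.7 http://intranet.example/index.html",
    "garbage line",
]
print(flag_clients(SAMPLE_LOG, WATCH))
```

Matching on host plus account rather than the full URL catches a request for any file under a watched account, and a hit identifies a machine that still needs cleaning even when the URL itself does not exist.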