More details on Sober worm



There’s a bit more detail in this betanews article on the sober worm. They basically say that the next expected “release” is January 8th, that f-secure has cracked the “code” of the worm. You see it appears that the URL’s that new versions of the worm are downloaded from are not hardcoded, but “psuedorandom” and they’ve cracked the algorithm the worm uses.


They say they’ve had it cracked since about May of this year, but had kept things close to the vest, only notifying German authorites located where the url’s were to be hosted. They say 99% of the url’s are currently non-existent, but all the virus writer must do is activate one and then all the currently infected sober systems start updating. After the January 5/6 check, the virus will check every two weeks for updates.

It is a quite clever “distributed” model that they seem to have employed to evade getting it snuffed out up until now. Most of the url’s seem to be pointing to accounts that would be hosted at free sites.

It sounds as though this will require continued monitoring and attention until the machines infected by sober are eliminated.

Related Posts

Blog Traffic Exchange Related Posts
  • New mass mailing virus F-secure has information on a fairly aggressive new email virus. Their name for it is VB.bi although it's aliases are.... W32.Blackmal.E@mm, WORM_GREW.A, W32/Nyxem-D, Email-Worm.Win32.VB.bi depending on which AV vendor you check with. It's a worm as well, in that it tries to spread through remote shares. It attempts to disable......
  • New Sober virus variant coming This is unusual, but there is advance notice from the Bavarian Police warning about a new variant on the Sober worm which will be released tomorrow. More information can be found at f-secure, as well as sunbeltblog. It appears that the emails may look something like this... Subject: Registration Confirmation......
  • Microsoft's quick response to network worms.... This is an ironic title because frankly, Microsoft has seemed to be slow in solutions for the recent zotob worm. Of course, they announced the vulnerability and accompanying update to solve the issue to begin with, but after the virus started propagating what do we see from Microsoft? They have......
Blog Traffic Exchange Related Websites
  • Solidifying WP Security Designed with PHP, and powered by mySQL directories, WordPress is used by an amazing 8.5% of all websites. Web delivered spyware and web page hacking are becoming progressively more common. With such a lot of web content using WordPress as a CMS, any security weaknesses in the CMS structure or......
  • The 7 Steps To Internet Marketing Success Have you achieved all you wanted to achieve in the last 12 months? - Chances are you didn't know what you wanted to achieve... So in theory my first question may be difficult or even impossible to truthfully answer. If, like me, you are wanting to build a successful online......
  • The Web Hosting Services Of The Hostgator Review Thousands and thousands of web hosts scattered around the world and their business aim is simple - to get recognized and make profit. With so much noise around the web hosting industry, it is a tough task for us to pick up the right hosting. Nevertheless, it's not too hard......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site