The Antivirus Guy Blog

Keeping people up to date with antivirus and security information

iDefense Exposes Sober Worm Variant Timed with Nazi Party’s 87th Anniversary

iDefense Exposes Sober Worm Variant Timed with Nazi Party’s 87th Anniversary

Widespread Worm is Scheduled to Launch Jan. 5, 2006

December 7, 2005

Reston, VA. – Dec. 7, 2005 – iDefense, cyber security intelligence provider and VeriSign company (Nasdaq: VRSN), reports that the next planned attack of 2005’s most prolific e-mail worm family, Sober, is scheduled to start on Jan. 5, 2006 based on commands hard-coded within the worm. The attack date coincides with the 87th anniversary of the founding of the Nazi party. Additionally, the attack could have a significantly detrimental effect on Internet traffic, as e-mail servers are flooded with politically motivated spam e-mails from potentially tens of millions of e-mail addresses.

In addition to the Nazi party anniversary, the Jan. 5 trigger on the Sober variant appears to also be timed to coincide with a major German political convention meeting the next day, Jan. 6. In the past, VeriSign iDefense Security Intelligence Services has seen mass distribution of propaganda timed with political events to increase the worm’s notoriety, and help to further circulate it.

“This discovery emphasizes the ever-present and often underestimated threat of ‘hacktivism’ – combining malicious code with political causes,” said Joe Payne, Vice President, VeriSign iDefense Security Intelligence Services. “Exposing this latest variant required technical and geopolitical analysis that connected the dots to give enterprises and home users plenty of time to shore up their defenses.”

The Sober family appears to be authored by a German speaker or group of German speakers, and is composed of nearly 30 variants dating to October 2003. Infected e-mails propagate as attachments with a social engineering component, enticing readers to open malicious files with messages using information on current events. Sober is also a bilingual worm, sending German-language messages to German e-mail addresses, and English-language messages to other addresses.

Read the rest of the article here: iDefense : About iDefense : News Center : Recent Releases.


December 8, 2005 - Posted by | Antivirus News

No comments yet.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: