-=PCTechTalk=- Sober Worm Attack Set for January 6

  • From: "Robert Andrew Dulaney Jr." <rdulaneyjr@xxxxxxxxx>
  • To: thisaintarealedress@xxxxxxx
  • Date: Fri, 16 Dec 2005 02:49:16 -0800 (PST)

Sober Worm Attack Set for January 6
Walaika K. Haskins, newsfactor.com
   
  

  Computer users and system administrators, take note. According to iDefense, a 
division of VeriSign (Nasdaq: VRSN), on January 6, 2006, the world will 
see the release of a new version of the Sober worm. Security analysts hope 
that, at least in this instance, being forewarned can lead to being forearmed, 
and that computer users will take the time before the attack to update their 
security software. 
   
  The discovery was made as researchers at iDefense sought to unravel the most 
recent version of the Sober worm's encrypted code through reverse engineering. 
The latest variant was released in mid-November, infecting thousands of 
computers. A week later, the worm reinfected computers with another variant 
that sent faux e-mails supposedly from the FBI, the UK's National High Tech 
Crime Unit, and the CIA. Intelligence experts believe that this version 
infected millions of computers in a prelude to the scheduled attack in January. 
   
  While Ken Durham, director of iDefense's Rapid Response Team, acknowledged 
that most antivirus firms worth their salt who have studied the Sober worm are 
also aware of the date, he said iDefense decided to go public hoping that 
awareness would breed caution that will help mitigate the spread of the worm. 
   
  "This is not like we have the corner on the market in knowing about dates and 
how Sober works," Durham said. "The reason you do an announcement is that this 
is a user-interaction worm. If people realize that there is going to be a 
large-scale e-mail worm spread on or around those dates and they know what to 
be prepared for, you can help mitigate that worm." 
   
  Spreading the Message 
   
  The Sober worm first appeared in October 2003, during what was later dubbed 
the "year of the worm" because of major worm attacks such as Blaster, SoBig.F, 
Nachi, and others. According to Durham, Sober didn't show up on the radar 
screen as notable or significant at that time, but over the past two years it 
became clear to security experts what the motive behind the Sober worms was, 
that the author was in it for the long term, and that this was going to be a 
persistent attack. 
   
  "We often see codes rise and fall," said Durham. "Some malicious authors are 
working on things as teenagers, but then they grow up and get out of the 
business. In other cases, we find they do more sustained efforts over a period 
of time. In the case of the Sober worms, we found that it was strongly 
correlated to Neo Nazi right-wing agendas." 
   
  Durham said this so-called "hacktivism" came to light over a period of time 
because the worm's authors would promote their code and spread it on historical 
dates of significance. For instance, November 22, the date of the most recent 
Sober release, was also the day Germany's first female chancellor was 
inaugurated. January 6 marks the 87th anniversary of the founding of the Nazi 
Party in Germany. 
   
  "At one point [the authors] actually used their infected computers to spam 
out e-mails that would direct people to right-wing based Web sites," Durham 
said. "They were very clearly using this to promote that kind of a religious 
and political agenda as compared to a traditional person who is looking more 
for their own notoriety and 15 minutes of fame or someone who may be working 
with more of a criminal intent for financial gain." 
   
  A Constant Refrain 
   
  Security analysts say that, whether for profit or to support a political 
agenda, the only way to combat these Internet plagues is for computer owners 
and system administrators to be aware of potential threats and maintain systems 
with up-to-date antivirus protection. 
   
  A recent report by America Online and the National Cyber Security Alliance 
found that up to 81 percent of respondents had no security controls. Of that 
number, 56 percent did not have any antivirus software or had software that had 
not been updated in the past week, and 44 percent had an improperly configured 
firewall. As for spyware, 38 percent said they had no antispyware protection at 
all. 
   
  What began as a relatively unsophisticated worm, Durham said, has now become 
a leading threat with modifications by the author. One e-mail gateway has 
logged millions of interceptions of Sober on a daily basis, racking up 94 
million during the first big outbreak in November, Durham revealed. 
   
  "The latest version of Sober was very successful in spamming itself to the 
world," Durham said. "It has been set up so it has the technical capability to 
send out large volumes of e-mail from any single infected machine." 
   
  Top of Charts 
   
  According to statistics from Sophos, the Sober worm accounted for 77.3 
percent of all reports filed so far in December. That number represents roughly 
one Sober-infected e-mail for every 45 e-mails the average user receives. Sober 
was the worm most reported to Sophos in November, despite its late release 
during the last full week of the month. 
   
  "These figures tell us that Sober-Z has managed to infect a lot of people so 
far," said Carol Theriault, senior security analyst at Sophos. "Being able to 
predict an incident means that [security firms] can tell people about it so 
that they can take appropriate action." 
   
  Yankee Group analyst Andrew Jaquith agreed that these kinds of announcements 
are helpful because they give people an idea of what future threats will look 
like, and it allows consumers and corporate customers an opportunity to prepare 
themselves for a coming attack. However, Jaquith is concerned that alerts of 
this magnitude might be lost amid the constant onslaught of virus alerts that 
users receive. 
   
  "It's not a question of someone crying wolf," said 
Jaquith. "It's just that there are so many wolves, there is a lot of crying 
going on. It's just one more thing in a never-ending stream of security 
problems for Windows."
  








 
 
Don't assist the spammers!
Please delete my name and e-dress before forwarding this e-mail to anyone.
Thank you. I appreciate your compliance.




 







