iDefense Exposes Sober Worm Variant Timed with Nazi Party’s 87th Anniversary
- 08 December, 2005 09:20
<p>iDefense, the cyber security intelligence provider and a VeriSign company (Nasdaq: VRSN), reports that the next planned attack of 2005’s most prolific email worm family, Sober, is scheduled to start on 5 January 2006 based on commands hard-coded within the worm. The attack date coincides with the 87th anniversary of the founding of the Nazi party. Additionally, the attack could have a significant detrimental effect on internet traffic, as email servers are flooded with politically motivated spam emails from potentially tens of millions of e-mail addresses.</p>
<p>In addition to the Nazi party anniversary, the 5 January trigger on the Sober variant appears to also be timed to coincide with a major German political convention meeting the next day - 6 January 2006. In the past, VeriSign iDefense Security Intelligence Services has seen mass distribution of propaganda timed with political events to increase the worm’s notoriety, and help to further circulate it.</p>
<p>“This discovery emphasises the ever-present and often underestimated threat of ‘hacktivism’ – combining malicious code with political causes,” said Joe Payne, vice president, VeriSign iDefense Security Intelligence Services. “Exposing this latest variant required technical and geopolitical analysis that connected the dots to give enterprises and home users plenty of time to shore up their defenses.”</p>
<p>The Sober family appears to be authored by a German speaker or group of German speakers, and is comprised of nearly 30 variants dating to October 2003. Infected e-mails propagate as attachments with a social engineering component, enticing readers to open malicious files with messages using information on current events. Sober is also a bi-lingual worm, sending German-language messages to German e-mail addresses, and English-language messages to other addresses.</p>
<p>iDefense discovered the next phase of the multi-phased Sober attack by reverse engineering and breaking encrypted code in the most recent Sober variant. This variant first began spreading through the Internet on or about 16 November 2005. The computers infected by the 16 Novembe variant began sending another version on 22 November 2005 - a date that coincided with the inauguration of Germany’s first female chancellor - to additional computers posing as emails from the FBI, The United Kingdom’s National High-Tech Crime Unit (NHTCU), German Bundeskriminalamt (BKA) and the CIA. This 22 November variant is designed to download an unknown payload of code on 5 January 2006. iDefense intelligence experts report that this particular variant has already infected millions of systems as a prelude to the 5 January attack, scanning computers’ address books to send hundreds of millions of messages claiming to be from various government entities.</p>
<p>The VeriSign iDefense Security Intelligence Services team provides data that helps protect some of the world’s largest networks in government, financial and retail markets. Its daily intelligence reports on emerging and established cyber threats – including actionable mitigation steps – are considered essential reading by certain industry security personnel, and help drive customers’ proactive network defense strategies.</p>
<p>iDefense analysts perform open-source research on Internet criminal activity in 13 languages and track Internet cybercrime in more than 30 countries. iDefense publishes weekly on hacker groups, cyber crime, software vulnerabilities, phishing schemes and malicious code (viruses, worms, Trojans, spyware and keyloggers).</p>
<p>About iDefense and VeriSign</p>
<p>iDefense, a VeriSign company, provides information security intelligence to the U.S. government and Global 2000 companies, including leaders in financial services, energy, transportation and telecommunications. The company provides customised, actionable, timely and relevant intelligence detailing potential threats, vulnerabilities and security issues directly to C-level executives, general counsels, auditors, senior security managers and staff, and system administrators. Further information is available at www.idefense.com or (703) 480-4602. VeriSign, Inc. (Nasdaq: VRSN), operates intelligent infrastructure services that enable and protect billions of interactions every day across the world’s voice and data networks. Additional news and information about the company is available at www.verisign.com.</p>
- FBI: Email swindlers have now redirected as much as $12bn in payments
- Penetration tests: What are the benefits? Should every business get one?
- Protecting data in the 2019 financial year: what cloud service providers and customers need to know
- To achieve strong IT security, embrace a framework strategy
- What is a cyber kill chain?