We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Secret code lurks in Sober variant

Aims to distribute Nazi propaganda

Security vendors have discovered a variant of the Sober worm which they say is programmed to download an unknown piece of code from various internet addresses early next month, launching a potential barrage of traffic on the internet.

iDefense said it broke the encrypted code in a Sober variant discovered last month and found that it is designed to download the unknown code from various web addresses on 5 January. Millions of "zombie" computers may already be infected with the variant, the company said.

The date happens to coincide with the 87th anniversary of the Nazi Party. The release of worms has been tied to political events in the past, iDefense noted, a kind of "hactivisim" designed to distribute propaganda.

Mikko Hypponen, chief research officer for F-Secure, said the worm will try to download the mystery code from 14 URLs at four different ISPs. F-Secure has contacted those ISPs, all in Austria and Germany, and requested that the addresses be blocked before the trigger date. At least one of them has responded positively, he said.

The writer of the worm doesn't seem interested in money, Hypponen said. The code may end up downloading propaganda to a user's computer, or it may distribute further malicious code which then sends out messages to other computers, clogging the internet.

The Sober variant synchronises itself with an online atomic clock to coordinate the attack, and the URLs many be scheduled to go online just before the code is activated in users' computers, Hypponen said. The addresses, which were obtained by cracking the code, do not currently work, he said.

Many of the Sober variants have spread by appearing to be emails from the US FBI or CIA and other law enforcement agencies. After malicious code in an attachment is executed, the worm spreads by sending itself to other email addresses contained on the infected PC.

The Sober worm has been the most prevalent nuisance of the year. It has appeared in more than 30 variants since it was first found in October 2003, iDefense said. It's believed to have been created in Germany, and also appears in the German language.


IDG UK Sites

Best Black Friday 2014 tech deals: Get bargains on smartphones, tablets, laptops and more

IDG UK Sites

What the Internet of Things will look like in 2015: homes will get smarter, people might get fitter

IDG UK Sites

See how Trunk's animated ad helped Ade Edmondson plug The Car Buying Service

IDG UK Sites

Yosemite tips: Complete Guide to OS X Yosemite