Nazi Computer Worms Looking For Hitler’s Brain
John Stith, Staff Writer
2005-12-07
So the headline's a little strange, but the release of a new worm isn't. iDefense, a division of VeriSign, reports that the next planned attack of the Sober worm is slated to start on January 5th, 2006, based on commands hard-coded within the worm. The attack coincides with the 87th anniversary of the founding of the Nazi party.
In addition to the Nazi party anniversary, the January 5 trigger on the Sober variant appears to also be timed to coincide with a major German political convention meeting the next day, January 6, 2006.
"This discovery emphasizes the ever-present and often underestimated threat of 'hacktivism' -- combining malicious code with political causes," said Joe Payne, vice president, VeriSign iDefense Security Intelligence Services. "Exposing this latest variant required technical and geopolitical analysis that connected the dots to give enterprises and home users plenty of time to shore up their defenses."
The Sober family appears to be authored by a German speaker or group of German speakers, and comprises nearly 30 variants dating to October 2003. Infected e-mails propagate as attachments with a social engineering component, enticing readers to open malicious files with messages that draw on current events. Sober is also a bilingual worm, sending German-language messages to German e-mail addresses and English-language messages to other addresses.
iDefense discovered the next phase of the multi-phased Sober attack by reverse engineering and breaking encrypted code in the most recent Sober variant. This variant first began spreading through the Internet on or about November 16, 2005.
On November 22, 2005, a date that coincided with the inauguration of Germany's first female chancellor, the computers infected by the November 16 variant began sending another version to additional computers, in messages posing as emails from the FBI, the United Kingdom's National High-Tech Crime Unit (NHTCU), the German Bundeskriminalamt (BKA) and the CIA.
This November 22 variant is designed to download an unknown payload of code on January 5, 2006. iDefense intelligence experts report that this particular variant has already infected millions of systems as a prelude to the January 5 attack, scanning computers' address books to send hundreds of millions of messages claiming to be from various government entities.
About the Author:
John is a staff writer for SecurityProNews covering cyber security.