[Mimedefang] slightly OT - Next Sober attack

Jan Pieter Cornet johnpc at xs4all.nl
Thu Dec 8 14:52:25 EST 2005


On Thu, Dec 08, 2005 at 12:27:21PM -0500, WBrown at e1b.org wrote:
> A collegue sent me this:
> 
> "The next planned widespread of 2005?s most prolific e-mail worm, Sober, 
> is scheduled to start on January 5, 2006 based on commands hard-coded 
> within the worm."
> 
> http://www.it-observer.com/articles.php?id=972

Which is the same date that Sober.I stopped reproducing.

See http://www.sophos.com/virusinfo/analyses/w32soberi.html
(it's also quite obvious from our online virus graphs, which go back
about a year... logging started shortly before the outbreak of 
Sober.I in november 2004).

I seem to recall there was mention of the virus trying to download
something around that time, and executing that, but all download sites
were taken offline before the download began... or was that another
sober variant?

Also sober variants have been known to cause "rightwing german hate spam"...
(sober.q), maybe we're getting a rerun of that on januari 5th?

-- 
#!perl -wpl # mmfppfmpmmpp mmpffm <pmmppfmfpppppfmmmf at fpffmm4mmmpmfpmf.ppppmf>
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;                                # Jan-Pieter Cornet



More information about the MIMEDefang mailing list