nanog mailing list archives

Re: Sober Z virus

From: "Fergie" <fergdawg () netzero net>
Date: Tue, 3 Jan 2006 23:10:33 GMT


See:

http://www.f-secure.com/weblog/archives/archive-122005.html#00000729

- ferg


-- Elijah Savage <esavage () digitalrage org> wrote:


Can anyone confirm this I got this from a security partner of ours.

The source code for the Sober.Z worm, which began infecting computers 
worldwide on Nov. 21,  indicates that the author(s) are planning to 
launch another attack on Thursday, Jan. 5 and Friday 6, to coincide with 
the 87th anniversary of the founding of the Nazi Party.  On these dates, 
PCs infected with Sober.Z will be instructed to connect to numerous 
servers to download malicious code that will likely send out German and 
English language email hate messages. Uknown Company (my edit)encourages 
network administrators to protect themselves by blocking domains 
believed to host the malicious code.  These domains are:
http://people.freenet.de/
http://scifi.pages.at/
http://home.pages.at/
http://free.pages.at/
http://home.arcor.de/



-- 
http://www.digitalrage.org/
The Information Technology News Center

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/

Current thread:

Sober Z virus Elijah Savage (Jan 03)
- Re: Sober Z virus Steven M. Bellovin (Jan 03)
- <Possible follow-ups>
- Re: Sober Z virus Fergie (Jan 03)
  - Re: Sober Z virus Elijah Savage (Jan 03)
  - Re: Sober Z virus goemon (Jan 03)
    - Re: Sober Z virus Steve Sobol (Jan 04)