nanog mailing list archives

Re: Sober Z virus

From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Tue, 03 Jan 2006 18:46:53 -0500


In message <43BB0108.6050000 () digitalrage org>, Elijah Savage writes:


Can anyone confirm this I got this from a security partner of ours.

The source code for the Sober.Z worm, which began infecting computers 
worldwide on Nov. 21,  indicates that the author(s) are planning to 
launch another attack on Thursday, Jan. 5 and Friday 6, to coincide with 
the 87th anniversary of the founding of the Nazi Party.  On these dates, 
PCs infected with Sober.Z will be instructed to connect to numerous 
servers to download malicious code that will likely send out German and 
English language email hate messages. Uknown Company (my edit)encourages 
network administrators to protect themselves by blocking domains 
believed to host the malicious code.  These domains are:
http://people.freenet.de/
http://scifi.pages.at/
http://home.pages.at/
http://free.pages.at/
http://home.arcor.de/



-- 
http://www.digitalrage.org/
The Information Technology News Center

Also see http://www.lurhq.com/soberdates.html

                --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Current thread:

Sober Z virus Elijah Savage (Jan 03)
- Re: Sober Z virus Steven M. Bellovin (Jan 03)
- <Possible follow-ups>
- Re: Sober Z virus Fergie (Jan 03)
  - Re: Sober Z virus Elijah Savage (Jan 03)
  - Re: Sober Z virus goemon (Jan 03)
    - Re: Sober Z virus Steve Sobol (Jan 04)