Sober Z virus
Steven M. Bellovin
smb at cs.columbia.edu
Tue Jan 3 23:46:53 UTC 2006
In message <43BB0108.6050000 at digitalrage.org>, Elijah Savage writes:
>
>Can anyone confirm this I got this from a security partner of ours.
>
>The source code for the Sober.Z worm, which began infecting computers
>worldwide on Nov. 21, indicates that the author(s) are planning to
>launch another attack on Thursday, Jan. 5 and Friday 6, to coincide with
>the 87th anniversary of the founding of the Nazi Party. On these dates,
>PCs infected with Sober.Z will be instructed to connect to numerous
>servers to download malicious code that will likely send out German and
>English language email hate messages. Uknown Company (my edit)encourages
>network administrators to protect themselves by blocking domains
>believed to host the malicious code. These domains are:
>http://people.freenet.de/
>http://scifi.pages.at/
>http://home.pages.at/
>http://free.pages.at/
>http://home.arcor.de/
>
>
>
>--
>http://www.digitalrage.org/
>The Information Technology News Center
>
Also see http://www.lurhq.com/soberdates.html
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
More information about the NANOG
mailing list