[87671] in North American Network Operators' Group
Sober Z virus
daemon@ATHENA.MIT.EDU (Elijah Savage)
Tue Jan 3 17:56:40 2006
Date: Tue, 03 Jan 2006 17:56:08 -0500
From: Elijah Savage <esavage@digitalrage.org>
To: Nanog <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
Can anyone confirm this I got this from a security partner of ours.
The source code for the Sober.Z worm, which began infecting computers
worldwide on Nov. 21, indicates that the author(s) are planning to
launch another attack on Thursday, Jan. 5 and Friday 6, to coincide with
the 87th anniversary of the founding of the Nazi Party. On these dates,
PCs infected with Sober.Z will be instructed to connect to numerous
servers to download malicious code that will likely send out German and
English language email hate messages. Uknown Company (my edit)encourages
network administrators to protect themselves by blocking domains
believed to host the malicious code. These domains are:
http://people.freenet.de/
http://scifi.pages.at/
http://home.pages.at/
http://free.pages.at/
http://home.arcor.de/
--
http://www.digitalrage.org/
The Information Technology News Center
