[87673] in North American Network Operators' Group
Re: Sober Z virus
daemon@ATHENA.MIT.EDU (Elijah Savage)
Tue Jan 3 18:17:22 2006
Date: Tue, 03 Jan 2006 18:16:53 -0500
From: Elijah Savage <esavage@digitalrage.org>
To: Fergie <fergdawg@netzero.net>
Cc: nanog@merit.edu
In-Reply-To: <20060103.151052.25461.293842@webmail04.lax.untd.com>
Errors-To: owner-nanog@merit.edu
Fergie wrote:
> See:
>
> http://www.f-secure.com/weblog/archives/archive-122005.html#00000729
>
> - ferg
>
>
> -- Elijah Savage <esavage@digitalrage.org> wrote:
>
>
> Can anyone confirm this I got this from a security partner of ours.
>
> The source code for the Sober.Z worm, which began infecting computers
> worldwide on Nov. 21, indicates that the author(s) are planning to
> launch another attack on Thursday, Jan. 5 and Friday 6, to coincide with
> the 87th anniversary of the founding of the Nazi Party. On these dates,
> PCs infected with Sober.Z will be instructed to connect to numerous
> servers to download malicious code that will likely send out German and
> English language email hate messages. Uknown Company (my edit)encourages
> network administrators to protect themselves by blocking domains
> believed to host the malicious code. These domains are:
> http://people.freenet.de/
> http://scifi.pages.at/
> http://home.pages.at/
> http://free.pages.at/
> http://home.arcor.de/
>
>
>
Thank you I always forget about f secure and they did not post as musch
info on symantecs site or I missed it some how.
--
http://www.digitalrage.org/
The Information Technology News Center
