[87675] in North American Network Operators' Group
Re: Sober Z virus
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Tue Jan 3 18:47:23 2006
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Elijah Savage <esavage@digitalrage.org>
Cc: Nanog <nanog@merit.edu>
In-Reply-To: (Your message of "Tue, 03 Jan 2006 17:56:08 EST.")
<43BB0108.6050000@digitalrage.org>
Date: Tue, 03 Jan 2006 18:46:53 -0500
Errors-To: owner-nanog@merit.edu
In message <43BB0108.6050000@digitalrage.org>, Elijah Savage writes:
>
>Can anyone confirm this I got this from a security partner of ours.
>
>The source code for the Sober.Z worm, which began infecting computers
>worldwide on Nov. 21, indicates that the author(s) are planning to
>launch another attack on Thursday, Jan. 5 and Friday 6, to coincide with
>the 87th anniversary of the founding of the Nazi Party. On these dates,
>PCs infected with Sober.Z will be instructed to connect to numerous
>servers to download malicious code that will likely send out German and
>English language email hate messages. Uknown Company (my edit)encourages
>network administrators to protect themselves by blocking domains
>believed to host the malicious code. These domains are:
>http://people.freenet.de/
>http://scifi.pages.at/
>http://home.pages.at/
>http://free.pages.at/
>http://home.arcor.de/
>
>
>
>--
>http://www.digitalrage.org/
>The Information Technology News Center
>
Also see http://www.lurhq.com/soberdates.html
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
