Next Sober Attack Slated For Jan. 5


Post by sniper_spike » Wed Jan 04, 2006 11:45 am

...The next big Sober worm attack is scheduled to take place January 5, 2006, a date probably picked because it's the 87th anniversary of the founding of a precursor to the Nazi Party, a security firm said Wednesday.

January 5, 2006, was the date embedded in the most recent Sober variants, said Ken Dunham, a senior engineer with Reston, Va.-based VeriSign iDefense, a security intelligence firm.

"We did reverse engineering on the variants, and found this date in the code," said Dunham. "The way this works is that at a pre-determined time, computers already infected with Sober will connect with specified servers and download a new payload, which will likely be spammed out in the millions, as was the last version..."
http://www.informationweek.com/security ... 839&pgno=1

Just thought I'd like to share this...

Discuss.
Dr. Gregory House wrote:Good lord, are you having a bowel movement or a baby?


Post by bicostp » Wed Jan 04, 2006 1:52 pm

So, what does it do?

http://www.pcadvisor.co.uk/news/index.cfm?newsid=5495

According to this site, it will only infect PCs that already have been attacked by older versions of it, or some malware programs.
The best way for users to protect themselves against any potential attack is to ensure they have antivirus software, according to the experts. "If you don't have antivirus, get some," Theriault said. "If you have some, ensure it's up to date and clean up your computer."

Hypponen stressed that users should double-check that their antivirus software is really running and being regularly updated. He pointed out that many worms, not just Sober, typically switch off both antivirus and firewall protection when they attack computers.


Post by sam » Wed Jan 04, 2006 6:02 pm

Thanks for the heads up, scanning my computer now.
I'm the man, if you don't think so, you're wrong.
sniper_spike wrote:That sucks, bro's before ho's anyway man.


Post by Harshboy » Wed Jan 04, 2006 6:32 pm

meh... I don't care... I just won't use my PC... nah... I'll scan right now :shock:


Post by llama_master » Wed Jan 04, 2006 6:44 pm

Crazy Nazi Viruses what will they think of next :!: . Thanks for the heads up
(\__/)
(='.'=)
(")_(") This is Bunny. Copy and paste bunny into your signature to help him gain world domination


Post by daguuy » Wed Jan 04, 2006 7:20 pm

dad's a network security guy so he knows about this stuff, here's some stuff he emailed me:
This has been going on for several days, though I haven't been paying too close attention. It is *_very_* serious. You should double-check that your antivirus is up to date before you do anything else. That, however, is not foolproof.

Don't use applications that let others display images w/o your involvement; disable image display in email messages, don't open unexpected email from unknown sources, configure your email pgm to not display images automatically. Don't use any chat or IM apps that let others send you images to display w/o you being able to first decline; a worm using this exploit could get on your friends' computers and impersonate them sending messages to you. And don't automatically click "OK" on all pop-up dialogs! You could be shooting yourself in the foot.

Savvis has taken the heretofore unprecedented step of advising all employees to use Firefox (_not_ foolproof) and/or Linux/Unix for web and email. You may not appreciate how big of a sea change it is for that to happen.

Read this:

http://www.nist.org/news.php?extend.50
The firewall logs show that you downloaded a file with the latest nasty Windows exploit at 23:36:17 on Friday, December 30. That was before I was aware of the details needed to block it at the firewall.

You need to make sure you have the latest antivirus signatures updated on your system and then run a full system scan. Do this now before you do anything else. (If you're using AVast and got lucky, you may have been protected; they came out with a signature to recognize this one on the 29th.)

You should be aware that there are many, many exploits to this particular bug in Windows, and the A/V vendors are unable to keep up with signatures to recognize all the new exploits being developed. So what I said in my previous email still stands; you cannot depend on your A/V software to be able to recognize and stop all exploits of this. Likewise, I configured the firewall to block some of the problem files, but it's impossible to block all possibilities.
Apparently you can get it by just going to certain sites or viewing certain pics. I haven't had anything bad happen though.