Computer Users And System Administrators, Take Not

vipin · 23-12-2005, 07:03 AM

See Here yourself!

http://news.yahoo.com/s/nf/20051212/bs_nf/...HBhBHNlYwM5NjQ-

SOBER WORM ATTACK SET FOR 6th JANUARY 2006

Quote:

Computer users and system administrators, take note. According to iDefense, a division of VeriSign (Nasdaq: VRSN - news), on January 6, 2006, the world will see the release of a new version of the Sober worm. Security analysts hope that, at least in this instance, being forewarned can lead to being forearmed, and that computer users will take the time before the attack to update their security software.

Where would a broadband phone service benefit you most?*

*
Everywhere
At work
At home

*

The discovery was made as researchers at iDefense sought to unravel the most recent version of the Sober worm's encrypted code through reverse engineering. The latest variant was released in mid-November, infecting thousands of computers. A week later, the worm reinfected computers with another variant that sent faux e-mails supposedly from the* * FBI, the UK's National High Tech Crime Unit, and the* * CIA. Intelligence experts believe that this version infected millions of computers in a prelude to the scheduled attack in January.

While Ken Durham, director of iDefense's Rapid Response Team, acknowledged that most antivirus firms worth their salt who have studied the Sober worm are also aware of the date, he said iDefense decided to go public hoping that awareness would breed caution that will help mitigate the spread of the worm.

"This is not like we have the corner on the market in knowing about dates and how Sober works," Durham said. "The reason you do an announcement is that this is a user-interaction worm. If people realize that there is going to be a large-scale e-mail worm spread on or around those dates and they know what to be prepared for, you can help mitigate that worm."

Spreading the Message

The Sober worm first appeared in October 2003, during what was later dubbed the "year of the worm" because of major worm attacks such as Blaster, SoBig.F, Nachi, and others. According to Durham, Sober didn't show up on the radar screen as notable or significant at that time, but over the past two years it became clear to security experts what the motive was behind the Sober worms and that the author was in it for the long term and that this was going to be a persistent attack.

"We often see codes rise and fall," said Durham. "Some malicious authors are working on things as teenagers, but then they grow up and get out of the business. In other cases, we find they do more sustained efforts over a period of time. In the case of the Sober worms, we found that it was strongly correlated to Neo Nazi right-wing agendas."

Durham said this so-called "hactivism" came to light over a period time because the worm's authors would promote their code and spread it on historical dates of significance. For instance, November 22, the date of the most recent Sober release, was also the day Germany's first female chancellor was inaugurated. January 6 marks the 87th anniversary of the founding of the Nazi Party in Germany.

"At one point [the authors] actually used their infected computers to spam out e-mails that would direct people to right-wing based Web sites," Durham said. "They were very clearly using this to promote that kind of a religious and political agenda as compared to a traditional person who is looking more for their own notoriety and 15 minutes of fame or someone who may be working with more of a criminal intent for financial gain."

A Constant Refrain

Security analysts say that, whether for profit or to support a political agenda, the only way to combat these Internet plagues is for computer owners and system administrators to be aware of potential threats and maintain systems with up-to-date antivirus protection.

A recent report by America Online and the National Cyber Security Alliance found that up to 81 percent of respondents had no security controls. Of that number, 56 percent did not have any antivirus software or had software that had not been updated in the past week, and 44 percent had an improperly configured firewall. As for spyware, 38 percent said they had no antispyware protection at all.

What began as a relatively unsophisticated worm, Durham said, has now become a leading threat with modifications by the author. One e-mail gateway has logged millions of interceptions of Sober on a daily basis, racking up 94 million during the first big outbreak in November, Durham revealed.

"The latest version of Sober was very successful in spamming itself to the world," Durham said. "It has been set up so it has the technical capability to send out large volumes of e-mail from any single infected machine."

Top of Charts

According to statistics from Sophos, the Sober worm accounted for 77.3 percent of all reports filed so far in December. That number represents roughly one Sober infected e-mail for every 45 e-mails the average user receives. Sober was the worm most reported to Sophos in November, despite its late release during the last full week of the month.

"These figures tell us that Sober-Z has managed to infect a lot of people so far," said Carol Theriault, senior security analyst at Sophos. "Being able to predict an incident means that [security firms] can tell people about it so that they can take appropriate action."

Yankee Group analyst Andrew Jaquith agreed that these kinds of announcements are helpful because they give people an idea of what future threats will look like, and it allows consumers and corporate customers an opportunity to prepare themselves for a coming attack. However, Jaquith is concerned that alerts of this magnitude might be lost amid the constant onslaught of virus alerts that users receive.

"It's not a question of someone crying wolf," said Jaquith. "It's just that there are so many wolves, there is a lot of crying going on. It's just one more thing in a never-ending stream of security problems for Windows."

vipin · 23-12-2005, 07:07 AM

Another Information Link:-

http://www.playfuls.com/news_0446_On..._On_Virus.html

Quote:

Yes, since Christmas is just about one week away, a worm called Dasher has just been unleashed onto the Internet. It targets primarily Windows 2000, and two different versions have already been spotted.
* According to the IDG news service, Dasher is based on an exploit for a recently patched bug in Microsoft Distributed Transaction Coordinator, a component of the operating system that is commonly used by database software to help manage transactions. The company from Redmond has rated this vulnerability as "critical"* for Windows 2000 systems.
* "The Dasher worm wouldn't be able to spread at all if the security vulnerability in Microsoft's software didn't exist. It's important that all companies have a mechanism for rolling out security patches, as well as for automatically updating their anti-virus software," said Graham Cluley, senior technology consultant for Sophos., in a statement "Microsoft will be fuming that a virus writer is successfully exploiting another vulnerability in their operating system."
* But things are actually worse. We're not talking about one malicious “reindeer”, but about two of them, since two different variants of Dasher are now in circulation, according to Finnish security company F-Secure. Both versions install software that then tries to infect other vulnerable systems, and that also can be used to log keystrokes and turn the computer into a remotely controlled "bot" system.
* So, once again, it seems that our own beloved OS can be the victim of worms, courtesy of the company from Redmond. Thanks again, Microsoft.

Danny252 · 23-12-2005, 08:35 AM

There's alwas a new virus coming. Thats why we have firewalls and anti-virus software, and be safe. My pc's never died from a virus, AFAIK.

vipin · 23-12-2005, 09:20 AM

this appeared dangerous to me because I saw it somewhere with an alert for administrators and this sober worm appears dangerous to me!

Danny252 · 23-12-2005, 02:46 PM

Aren't most worms, viruses, torjans etc. potentially dangerous?

Reup · 23-12-2005, 03:15 PM

Yeah. For ignorant-non-updating-no-virusscnner-no-firewall-open-every-attachment kind of fools they are very dangerous. Just keep your DAT-files up to date, your OS and engine patched and your firewall reasonably closed and don't click on every screen you see without reading it first and you're in the clear. 'Don't panic!'

Caged · 24-12-2005, 02:22 AM

anyone who gets a virus nowadays and says they didn't see it coming should have their computer confiscated

Eagle of Fire · 24-12-2005, 02:31 AM

Sounds like a scam. How would they know which precise date a new worm would appear on the internet? I don't really beleive this.

plix · 24-12-2005, 05:47 AM

Quote:

Originally posted by Eagle of Fire@Dec 23 2005, 10:31 PM
Sounds like a scam. How would they know which precise date a new worm would appear on the internet? I don't really beleive this.

They know because it's not a new worm, it's an old one that self-mutates (sort of, but close enough) and has seen several new versions since it first appeared. The date was determined by reverse-engineering a copy collected "in the wild."

Fruit Pie Jones · 30-12-2005, 02:36 PM

Speaking of Sober, this is funny. This virus has actually done some good, it appears.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Where are all these users??	Doink	Blah, blah, blah...	13	23-01-2008 10:55 AM
Question For Administrators,	Tiberius	Blah, blah, blah...	17	07-07-2007 11:36 PM
Why Do Mac Users Get Better Aw?	Ioncannon	Blah, blah, blah...	14	14-08-2005 05:45 PM
Users Online	Rogue	Blah, blah, blah...	15	09-02-2005 08:34 PM
All Ie Users Look Here	JJXB	Blah, blah, blah...	1	07-02-2005 03:49 PM