Sober Activation Code Cracked
By IT Observer Staff
Friday, 9 December 2005 09:40 EST


When the latest variant of the Sober worm appeared online, anti-virus vendors knew that the worm communicated with its author, but they did not know exactly how. On Thursday, anti-virus firm F-Secure said it had cracked the algorithm the worm uses to download its payloads.

According to F-Secure, the author did not embed constant URL addresses in the virus body because authorities could easily block them. Instead, the worm is programmed to use a pseudo-URL generator whose output changes based on the date.

Mikko Hypponen, chief research officer at F-Secure, wrote on the company’s blog: “…Sober has been using an algorithm to create pseudorandom URLs which will change based on date. These URLs point to free hosting servers typically operating in Germany or in Austria. And 99% of the URLs generated by the virus simply don't exist.”

“However, the virus author can pre-calculate the URL for any date, and when he wants to run something on all the infected machines, he just registers the right URL, uploads his program and BANG! It's run globally in hundreds of thousands of machines.”

The latest variant of the worm is coded to activate on January 5, 2006. F-Secure suggests that companies block the list of addresses at the corporate firewall. The list of URL addresses is available on F-Secure’s blog.
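
The blocking approach described above, as an added example that is not from F-Secure or the original article: once a date-seeded generator has been reversed, a defender can pre-calculate the hosts for a window of dates and match them against proxy logs. The generator below is a constructed stand-in, not Sober's algorithm, and the `.example` hosting names, log format and client addresses are assumptions.

```python
import hashlib
from datetime import date, timedelta

# Hypothetical free-hosting suffixes (constructed, reserved .example names).
HOSTS = ["freehost-a.example", "freehost-b.example"]

def candidate_urls(day, per_day=3):
    """Stand-in for a reversed date-seeded generator. NOT Sober's algorithm;
    it only shares the property that the output depends on the date alone."""
    urls = []
    for i in range(per_day):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()
        # Map the first ten hex digits to letters a-p to form an account name.
        name = "".join(chr(ord("a") + int(c, 16)) for c in digest[:10])
        urls.append(f"{name}.{HOSTS[i % len(HOSTS)]}")
    return urls

def build_blocklist(start, days):
    """Pre-calculate every candidate host for a window of dates."""
    blocked = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for host in candidate_urls(day):
            blocked[host] = day
    return blocked

def flag_requests(log_lines, blocklist):
    """Return (client, host, generator_date) for log lines that hit the list.
    Assumed log format: '<timestamp> <client> <host>' separated by spaces."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines instead of failing the whole run
        client, host = parts[1], parts[2]
        if host.lower() in blocklist:
            hits.append((client, host, blocklist[host.lower()]))
    return hits

if __name__ == "__main__":
    # Two-week window starting at the activation date given in the article.
    blocklist = build_blocklist(date(2006, 1, 5), 14)
    target = candidate_urls(date(2006, 1, 6))[0]
    sample_log = [  # constructed proxy log lines
        f"2006-01-06T08:01:12 10.0.0.23 {target}",
        "2006-01-06T08:01:15 10.0.0.40 www.example.org",
    ]
    for client, host, day in flag_requests(sample_log, blocklist):
        print(f"{client} requested {host} (generated for {day})")
```

A client that requests a pre-calculated host is worth investigating even when the host does not resolve, since most generated URLs do not exist and ordinary browsing is unlikely to reach them.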


Copyright © IT-Observer.com 2000 - 2005