Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Next Sober Attack Slated For Jan. 5

  • Please log in to reply
1 reply to this topic

#1 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,903 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:46 PM

Posted 08 December 2005 - 01:39 PM

Next Sober Attack Slated For Jan. 5
December 07, 2005
By Gregg Keizer

The next big Sober worm attack is scheduled to take place January 5, 2006, a date probably picked because it's the 87th anniversary of the founding of a precursor to the Nazi Party, a security firm said Wednesday.

January 5, 2006, was the date embedded in the most recent Sober variants..."We did reverse engineering on the variants, and found this date in the code," said Dunham. "The way this works is that at a pre-determined time, computers already infected with Sober will connect with specified servers and download a new payload, which will likely be spammed out in the millions, as was the last version."...

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

BC AdBot (Login to Remove)


#2 BanditFlyer


  • Members
  • 283 posts
  • Local time:11:46 AM

Posted 08 December 2005 - 04:40 PM

Thanks for the info Quietman.

Do you ever inform the people whose machines are sending you these virii that they are sending out virii? I did a whois search on some of the IPs I found in several of the sober worm messages I have received purporting to be from the CIA and FBI and several of them have had the same IP.

I was wondering if I should try to look them up? They do not look like normal whois entries in that they do not list contact info for a business such as an email, phone number, etc. They only list a business name and an IP block, so it looks like these are the actual ISPs that they are using.

Should I try alerting the ISP???

What do you do?

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users