The next planned widespread of 2005’s most prolific e-mail worm, Sober, is scheduled to start on January 5, 2006 based on commands hard-coded within the worm. The attack date coincides with the 87th anniversary of the Nazi party.
“This discovery emphasizes the ever-present and often underestimated threat of ´hacktivism´ — combining malicious code with political causes,” said Joe Payne, vice president, VeriSign iDefense Security Intelligence Services.
The company says the attack could have a significant damaging effect on internet traffic, as the worm designed to send politically motivated spam from tens of millions of e-mail addresses. The next phase of the multi-phased Sober worm has been discovered by iDefense using reverse-engineering techniques in the most recent version of the worm.
Sober first began spreading about November 15. The computers were infected by the worm began sending another version a week later on November 22. The last known version uses social engineering techniques and posing as emails from the FBI, CIA and other intelligence units.