Latest Sober variant set to launch attack on Jan. 5

Computerworld - Commands hard-coded in the latest variant of the Sober worm indicate that its next major attack is scheduled for Jan. 5, according to security firm Verisign Inc.'s iDefense cyberintelligence service.
The attack trigger coincides with the 87th anniversary of the launch of the Nazi party and also appears to be timed to coincide with a major German political convention meeting the next day, the company said in a statement today. "If the attack goes into effect, we could potentially see a flooding of e-mail servers, and that is going to have an impact on e-mail service," said Ramses Martinez, director of malicious code operations at iDefense.
The Sober worm and its variants -- believed to have been initially authored by German hackers -- have emerged as the year's most prolific pieces of malware and are believed to be responsible for infecting tens of millions of computers worldwide.
The version programmed to launch the Jan. 5 attack started spreading on Nov. 22, the inauguration date of Germany's first female chancellor, Verisign said. The company's researchers discovered the code by reverse-engineering encrypted code in the Nov. 22 variant.
That variant is one of a slew of Sober variants that appeared around that time; it can send out copies of itself at a much faster rate than earlier versions, said Martinez.
It poses as e-mails from the FBI, the CIA and the National High-Tech Crime Unit in the U.K, and it may have already infected millions of computers worldwide as a prelude to the January attack, according to Martinez. "It is also going to trigger a download event on Jan. 5 to download additional code" to infected systems.
At this point, it is not clear what the worm is programmed to download, he said, noting that many of the download servers appear to be located in Germany and Austria.