Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sober Code Cracked

Posted by CowboyNeal on from the guts-spilled dept.

An anonymous reader writes "The algorithm used by the Sober worm to 'communicate' with its author has been cracked. According to F-Secure, it can now calculate the exact URLs the worm would check on a particular day. Mikko Hyppönen, chief research officer at F-Secure, explained that the virus author has not used a constant URL because authorities would easily be able to block it. From the article: "Sober has been using an algorithm to create pseudorandom URLs which will change based on dates. Ninety nine percent of the URLs simply don't exist...however, the virus author can precalculate the URL for any date, and when he wants to run something on all the infected machines, he just registers the right URL, uploads his program and BANG! It's run globally on hundreds of thousands of machines," Hyppönen said. Sober is expected to launch itself again on January 5, 2006."

3 of 303 comments (clear)

  1. My Question... by Shihar · · Score: 0, Flamebait

    Why on earth did they release this information? I can see telling the date of the next attack, but explaining how the author communicates with the virus just seems dumb. It doesn't help anyone except for the guy who knows that his methods have been spotted. Now you know that if he decides to upload to one of his websites he is going to assume that he is going to be tracked. This just means that he is going to make sure he is covert in doing it. If they had withheld this information, they might have been able to catch him in the act without him knowing and busted the little fascist shit head.

  2. Re:Recognition by Breakfast+Pants · · Score: 0, Flamebait

    Wow, that is some interesting bad grammar; it is particularly interesting coming from someone who is so concerned with spelling.

    --

    --

    WHO ATE MY BREAKFAST PANTS?
  3. Re:Hard to admit, but that is quite clever by Slick_Snake · · Score: 1, Flamebait

    I'd like to start by saying grow up. Your rant sounded like a school kid that was mad that the other kids were getting the attention. As for you "virus" we have no proof that you even made such a thing and I personally doubt it because of how much you over played the cloak and dagger theme. Locked up in a safe, yeah right. While I agree that the script kiddies don't know squat the "crackers" that made new worms and virii can be quite clever. There is a difference between people who just use someone else's exploit and those who find their own exploits and lumping them all together just shows how little you know.