Sober Code Cracked
An anonymous reader writes "The algorithm used by the Sober worm to 'communicate' with its author has been cracked. According to F-Secure, it can now calculate the exact URLs the worm would check on a particular day. Mikko Hyppönen, chief research officer at F-Secure, explained that the virus author has not used a constant URL because authorities would easily be able to block it. From the article: "Sober has been using an algorithm to create pseudorandom URLs which will change based on dates. Ninety nine percent of the URLs simply don't exist...however, the virus author can precalculate the URL for any date, and when he wants to run something on all the infected machines, he just registers the right URL, uploads his program and BANG! It's run globally on hundreds of thousands of machines," Hyppönen said. Sober is expected to launch itself again on January 5, 2006."
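Because the names depend only on the date, a defender can compute them ahead of time and watch for them. The sketch below is an added example, not F-Secure's code and not Sober's actual algorithm (which the page does not give): a hypothetical date-seeded generator stands in for it, and the hosting domains and DNS log lines are constructed.

```python
import hashlib
from datetime import date, timedelta

# Hypothetical stand-in generator, NOT Sober's algorithm. It shares only the
# property described above: the date alone determines the names.
HOSTS = ("example.net", "example.org")  # constructed placeholder domains

def candidates_for(day, per_day=3):
    """Return the names the stand-in generator yields for one date."""
    names = []
    for i in range(per_day):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()
        # Map the first 8 hex digits to letters a-p for a fixed-length label.
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:8])
        names.append(f"{label}.{HOSTS[i % len(HOSTS)]}")
    return names

def blocklist(start, days):
    """Precompute candidate names for a window of dates: name -> date."""
    table = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for name in candidates_for(day):
            table[name] = day
    return table

def flag_queries(log_lines, table):
    """Return (client, name, generator_date) for queries on the blocklist."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:          # skip malformed lines
            continue
        client, qname = parts[1], parts[2].rstrip(".").lower()
        if qname in table:
            hits.append((client, qname, table[qname]))
    return hits

def demo():
    """Run the matcher over constructed DNS log lines (timestamp client qname)."""
    table = blocklist(date(2006, 1, 5), 14)
    target = candidates_for(date(2006, 1, 6))[0]
    log = [
        "2006-01-06T08:00:01 10.0.0.12 www.example.com.",
        f"2006-01-06T08:00:07 10.0.0.47 {target.upper()}.",
        "malformed line",
    ]
    return flag_queries(log, table)
```

A hit identifies an internal client that asked for a precomputed name, which is a strong sign of infection even on the days when the name does not resolve.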
Why would they publicize this? Wouldn't it be prudent to wait for the 5th January, run the same algorithms and check the URLs, and nab the perpetrator?
Register one of the URLs and post some code which, when executed, stops the worm executing. Rinse. Repeat.
Pinky: "What are we going to do tomorrow night Brain?"
Brain: "I would tell you Pinky but this 120 char limi
Sony did the same thing and look what good it did them!
I don't see why they need to post their discoveries. They could have done that AFTER the writer is caught...
I'm still going to stick to my old protection
"In the game of life, someone always has to lose. To me, if life were fair, that someone would always be Oklahoma." -DKR
This is probably the single most brilliant thing I've ever read on Slashdot.
"Nobody owns the fucking words man." - James Dean