Friday, December 09, 2005

Sober Worn algorithim cracked

The most recent varition on this worm was the recent fbi email. F-secure has cracked it and can tell what ip its making up. "Sober has been using an algorithm to create pseudorandom URLs which will change based on dates. Ninety nine percent of the URLs simply don't exist ... however, the virus author can precalculate the URL for any date, and when he wants to run something on all the infected machines, he just registers the right URL, uploads his program and BANG! It's run globally on hundreds of thousands of machines," Hyppönen wrote in his blog.


Post a Comment

<< Home