Sober Worm Code Algorithm Cracked

The algorithm used in one of the most debilitating e-mail worm attacks in history has been cracked, allowing virus researchers to accurately predict the dates and URLs that will be used in future mutants. Researchers at Finnish anti-virus vendor F-Secure Corp. first cracked the code used in the Win32.Sober worm family in May this year but withheld details until this week to avoid tipping off the attacker.

Mikko Hypponen, chief incident officer of F-Secure, said the Sober worm uses an algorithm to create "pseudorandom URLs" that change based on the date. "These URLs point to free hosting servers typically operating in Germany or in Austria," Hypponen explained in a blog entry. Sober Worm Code Algorithm Cracked

Linked by shanmuga Friday, 9th December 2005 9:26PM