Wednesday, December 28, 2005

Sober worm may attack PCs again on 5th January, 2006

The next big Sober worm attack is expected to take place on 5th January, 2006, according to sources at Vancouver-based VeriSign iDefense, a security intelligence firm. They found the date embedded in recent variants of the virus, which attacked computers worldwide with German right-wing spam.

The date, probably picked because it will be the 87th anniversary of the founding of a precursor to the Nazi Party, provides a clue as to the timing of the next planned attack, according to InformationWeek.

"We did reverse engineering on the variants, and found this date in the code," said Ken Dunham, senior engineer with Reston. "The way this works is that at a pre-determined time, computers already infected with Sober will connect with specified servers and download a new payload, which will likely be spammed out in the millions, as was the last version."

Embedded dates for spreading new malware aren't new. SoBig used the technique to dramatic effect in 2003, when new versions were pumped out regularly as old ones were automatically deactivated on set schedules. It is also not the first time a Sober date has been sniffed out, said Dunham.

On Nov 14, for example, the police in the southern German state of Bavaria warned of a Sober attack the next day, and the prediction proved on the mark.

Sober, which boasts more than 30 variants, debuted more than two years ago, and is characterised by bilingual messages (English or German) that are mass-mailed in huge quantities but don't carry a destructive payload.

The worm's creator doesn't appear to be motivated by money. Instead, he (or she) - who is assumed to be German - has a political agenda, said Ramses Martinez, iDefense's director of malicious code operations. "There hasn't been one variant that did anything but send out right-wing German spam."

Early versions of Sober were more upfront about the political agenda of the author, with messages directing recipients to neo-Nazi sites hosted in Germany, but for several months the messages have been politics-free.

Recent editions of the worm, however, have been timed to coincide with German political events. The release of Sober.z on Nov 22, for instance, matched the inauguration of Germany's first female chancellor, Angela Merkel.

"Sobers have always had a right-wing slant," said Dunham, who also noted that the next day, Jan 6, 2006, is the date of a major German political convention.

The practice of combining malicious code with political causes is often dubbed "hacktivism", and while it doesn't pose the same kind of risk as worms, Trojans and spyware that are after money or identities, it can bring networks to their knees.

I am not sure whether the prediction will turn out to be true!!! Till then just wait and watch.
