- Jul 16, 2001
- 17,967
- 140
- 106
Text
Researchers at Finnish anti-virus vendor F-Secure Corp. first cracked the code used in the Win32.Sober worm family in May this year but withheld details until this week to avoid tipping off the attacker.
Mikko Hypponen, chief incident officer of F-Secure, said the Sober worm uses an algorithm to create "pseudorandom URLs" that change based on the date. "These URLs point to free hosting servers typically operating in Germany or in Austria," Hypponen explained in a blog entry.
A quick check proved that 99 percent of URLs generated by the algorithm do not exist. However, Hypponen said the virus writer can pre-calculate the URL for any date and simply register the domain to upload a malicious program...
Researchers at Finnish anti-virus vendor F-Secure Corp. first cracked the code used in the Win32.Sober worm family in May this year but withheld details until this week to avoid tipping off the attacker.
Mikko Hypponen, chief incident officer of F-Secure, said the Sober worm uses an algorithm to create "pseudorandom URLs" that change based on the date. "These URLs point to free hosting servers typically operating in Germany or in Austria," Hypponen explained in a blog entry.
A quick check proved that 99 percent of URLs generated by the algorithm do not exist. However, Hypponen said the virus writer can pre-calculate the URL for any date and simply register the domain to upload a malicious program...
Facebook
Twitter