The next Sober virus attack

December 14, 2005, 7:46pm PST | Length: 00:02:32
CNET Senior Editor Robert Vamosi explains how and when the Sober virus is expected to strike again and what you can do to protect yourself against this mass-mailing worm.

Transcript

I'm Robert Vamosi, senior editor, CNET.com. Today I'm going to be talking about the next Sober virus attack. There have been more than 20 variants of the Sober virus and each one of them uses what I call a bootstrapping effect. That is, the virus writer initially sends out the first wave of viruses that infect a small pool of PCs on the Internet. At a predetermined date, those PCs then call out to servers for additional instructions. The additional instructions often are a second wave of attacks so these initially infected computers will then infect even more computers out on the Internet.

It is the second wave of attacks that we're concerned about because we think it will happen on January 5, 2006. How do we know that? Within the virus code, the virus writer often leaves instructions for the virus, what day and what servers to contact. So we have a date and we have ISPs out on the Internet. In the past, these were coded in plain text so that we could read them. Then they started encrypting them but the anti-virus companies figured out how to crack that code. With the latest Sober variant, they figured out a way to randomize these ISPs so a given date might match up to different ISPs.

So how do we know which day the next Sober virus will attack? We think it is going to be January 5, 2006 because of some social engineering. Previous versions of the Sober virus have coincided with important dates in Nazi history. Also the virus has spread Nazi propaganda on the Internet. January 5th happens to be the 85th anniversary of the founding of the Nazi party in Germany.

So what can you do to keep your desktop PCs from being involved in the next Sober virus attack? First, check your PCs and make sure that they're not already infected with the Sober virus. If they are, clean them with an anti-virus program now. Second of all, set a firewall rule to block access to the ISPs that are associated with the attack on January 5, 2006. To find out those ISP addresses, read my Security Watch column at security.cnet.com.
