Security vendors have discovered a variant of the Sober worm which they say is programmed to download an unknown piece of code from various Internet addresses early next month, launching a potential barrage of digital traffic.iDefense Inc. said it broke the encrypted code in a Sober variant discovered last month and found that it is designed to download the unknown code from various Web addresses on Jan. 5, 2006. Millions of “zombie” computers may already be infected with the variant, the company said.The date happens to coincide with the 87th anniversary of the Nazi Party. The release of worms has been tied to political events in the past, iDefense noted, a kind of “hactivisim” designed to distribute propaganda.Mikko Hypponen, chief research officer for F-Secure Corp., said the worm will try to download the mystery code from 14 URLs (Uniform Resource Locators) at four different ISPs (Internet service providers). F-Secure has contacted those ISPs, all in Austria and Germany, and requested that the addresses be blocked before the trigger date. At least one of them has responded positively, he said. The writer of the worm doesn’t seem interested in money, Hypponen said. The code may end up downloading propaganda to a user’s computer, or it may distribute further malicious code which then sends out messages to other computers, clogging the Internet.The Sober variant synchronizes itself with an online atomic clock to coordinate the attack, and the URLs many be scheduled to go online just before the code is activated in users’ computers, Hypponen said. The addresses, which were obtained by cracking the code, do not currently work, he said. Many of the Sober variants have spread by appearing to be e-mails from the U.S. Federal Bureau of Investigation or Central Intelligence Agancy or other law enforcement agencies. After malicious code in an attachment is executed, the worm spreads by sending itself to other e-mail addresses contained on the infected PC.The Sober worm has been the most prevalent nuisance of the year. It has appeared in more than 30 variants since it was first found in October 2003, iDefense said. It’s believed to have been created in Germany, and also uses appears in the German language.By Jeremy Kirk – IDG News Service (London Bureau) Related content news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability brandpost The advantages and risks of large language models in the cloud Understanding the pros and cons of LLMs in the cloud is a step closer to optimized efficiency—but be mindful of security concerns along the way. By Daniel Prizmant, Senior Principal Researcher at Palo Alto Networks Oct 03, 2023 5 mins Cloud Security news Arm patches bugs in Mali GPUs that affect Android phones and Chromebooks The vulnerability with active exploitations allows local non-privileged users to access freed-up memory for staging new attacks. By Shweta Sharma Oct 03, 2023 3 mins Android Security Vulnerabilities news UK businesses face tightening cybersecurity budgets as incidents spike More than a quarter of UK organisations think their cybersecurity budget is inadequate to protect them from growing threats. By Michael Hill Oct 03, 2023 3 mins CSO and CISO Risk Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe