The secret algo has been cracked

Dec 12, 2005 16:55 GMT

F-Secure recently announced a major breakthrough regarding the most dangerous worm this year, which relied heavily on a secret algorithm in order to spread. The security experts managed to crack that code and stop the malware from being updated.

Since October 2003, Sober has mutated constantly, and over two years 20 variants of the worm have been spotted. The latest, named Sober.Y by F-Secure, was by far the most efficient in 2005, accounting for about 40 percent of all infections detected by the security firm. Experts think the success of this specific worm lies in its ability to download new variants. The current variant should re-activate itself on 5 January, according to iDefense.

But if F-Secure's experts are right, the end has come for the code used to generate the pseudorandom URLs from which the latest releases of the Sober worm were downloaded. The company said that it has cracked the algorithm, allowing it to figure out the URLs. This way, the hosting providers involved will be able to remove the sites, and system administrators will have a list of sites to block at the corporate firewall.