Security outfit iDefense is reporting that the next Sober worm attack will take place on 5 January - the 87th anniversary of the founding of the Nazi party.

The information has been gleaned from breaking encrypted code in the latest version of Sober which dominated the November anti-virus ratings. According to iDefense, "the November 22 variant is designed to download an unknown payload of code on January 5, 2006".

Once the attached file is run, the worm "scans the user's hard drive for email addresses, in its search for fresh targets for infestation". It also tries to disable security software on infected Windows PCs.

Regarding the apparently political timing of the next expected assault, Joe Payne, vice president, VeriSign iDefense Security Intelligence Services, said: "This discovery emphasizes the ever-present and often underestimated threat of 'hacktivism' - combining malicious code with political causes. Exposing this latest variant required technical and geopolitical analysis that connected the dots to give enterprises and home users plenty of time to shore up their defenses." ®

Related stories

• Zero-day holiday (5 January 2006)
• Windows beats Linux - Unix on vulnerabilities - CERT (5 January 2006)
• Sober up as Christmas viruses spiral (4 January 2006)
• Santa worm is coming to IM (22 December 2005)
• Sober worm prompts net perv confession (20 December 2005)
• Firms count the cost of security threats (13 December 2005)
• Sober storms November virus chart (30 November 2005)
• NHTCU warns over Sober worm (28 November 2005)
• FBI warns over Sober worm (22 November 2005)
• Bavarian police have spooky Sober moment (16 November 2005)
• Sober worm comeback poses as schoolfriend pic (6 October 2005)
• Sober reloaded (20 May 2005)
• Sober infected PCs spew right-wing 'hate spam' (16 May 2005)
• Sober worm shakes Windows security (19 April 2005)
• FBI issues Sober notice over Windows worm (24 February 2005)
• Sober worm speaks with forked tongue (19 November 2004)