An anonymous reader writes "The algorithm used by the Sober worm to 'communicate' with its author has been cracked. According to F-Secure, it can now calculate the exact URLs the worm would check on a particular day. Mikko Hyppönen, chief research officer at F-Secure, explained that the virus author has not used a constant URL because authorities would easily be able to block it. From the article: "Sober has been using an algorithm to create pseudorandom URLs which will change based on dates. Ninety nine percent of the URLs simply don't exist...however, the virus author can precalculate the URL for any date, and when he wants to run something on all the infected machines, he just registers the right URL, uploads his program and BANG! It's run globally on hundreds of thousands of machines," Hyppönen said. Sober is expected to launch itself again on January 5, 2006."
Attend or create a Slashdot 20th anniversary party! DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Check out the new SourceForge HTML5 Internet speed test. ×