Re: How could the Bavarian police know about Sober.T or V?
- From: "Turan Fettahoglu" <turan.fe@invalid>
- Date: Tue, 15 Nov 2005 11:17:13 +0100
"Gabriela Salvisberg" <salvie@xxxxxxxxxxxx> schrieb im Newsbeitrag news:pdmin19u4a94mno9k3aa85sjjedu61ha1s@xxxxxxxxxx
How could the Bavarian police know, when they published this yesterday (Monday)... http://www.polizei.bayern.de/blka/aktuell/presse.htm (or see http://www.f-secure.com/weblog/)
That this will happen today (Tuesday): http://www.f-secure.com/v-descs/sober_t.shtml
What about this, does this sound reasonable?
The worm probably was out in the wild for several days in advance to its predefined attack date, to make sure it makes a bigger attack. So the police had something to experiment on, like this:
- Infect an otherwise virgin test computer with the worm.
- Advance the computer date by one day, two, three and so on and check at what date the worm goes to work and if it phones home.
- Try to get the home server disconnected and hope it is not in Korea, China or the former Soviet Union.
- Inform the anti-virus companies. If you/they are quick, the worm will be found after the next scanner update and before it becomes active.
Turan
.
- Follow-Ups:
- Re: How could the Bavarian police know about Sober.T or V?
- From: Gabriela Salvisberg
- Re: How could the Bavarian police know about Sober.T or V?
- References:
- How could the Bavarian police know about Sober.T or V?
- From: Gabriela Salvisberg
- How could the Bavarian police know about Sober.T or V?
- Prev by Date: Re: How could the Bavarian police know about Sober.T or V?
- Next by Date: Virus checker for Win98SE
- Previous by thread: Re: How could the Bavarian police know about Sober.T or V?
- Next by thread: Re: How could the Bavarian police know about Sober.T or V?
- Index(es):
Relevant Pages
|
