Ken Dunham
Ken Dunham
plenty ways
There are plenty of ways to get around all of those things.
computers connect date download found infected last likely reverse sober works
We did reverse engineering on the variants, and found this date in the code. The way this works is that at a pre-determined time, computers already infected with Sober will connect with specified servers and download a new payload, which will likely be spammed out in the millions, as was the last version.
attacks attempt automated codes file found hackers impact increased level leverage methods sinister threat
The threat level for this vulnerability may be dramatically increased if more automated methods of distribution are found to be successful, such as e-mail or IM or file shares. The impact of attacks may also increase, with more sinister codes being installed as new hackers attempt to leverage the vulnerability to their advantage.
identified increases likelihood widespread
This increases the likelihood of exploitation, but widespread exploitation has not been identified to date.
proven social threat type worm written
This is a social engineering worm written in Russian. It is interesting when you look at it. This is a Java-based type of threat and it has been proven to be successful. We need to look at this and see what is going to be the threat down the road.
crossover global increased premature starts talk
If someone starts capitalizing on the crossover worm, and we start to see increased activity, then we can talk about a global threat. It's a little premature at this time.
computers effort files handful reality security thousands victory
The reality is that there could have been hundreds of thousands of computers with overwritten files today. Instead, we only have a handful of reports, and that is a hands-down victory for the collaborative effort of the security community.