The next version of the virulent Sober worm is set to be spread on 5 January, to coincide with the 87th anniversary of the founding of the German Nazi party.
Internet security company iDefense, which is a subsidiary of VeriSign, has issued the warning. Its alert is based on commands hard-coded within current variants of the worm.
Sober was first unleashed in 2003 and had a devastating effect on internet e-mail traffic. Since then, there have been a large number of variants, with many attached to e-mails that spread Nazi propaganda.
iDefense discovered the next planned Sober attack by reverse engineering and breaking encrypted code in the most recent Sober variant.
“This discovery emphasises the ever-present and often underestimated threat of “hacktivism” - combining malicious code with political causes,” said Joe Payne, vice president of VeriSign iDefense security intelligence services.
Payne urged businesses to shore up their defences against the next imminent Sober attack. E-mails carrying Sober are usually in either English or German, with many of them being sent from Germany and Austria.
The latest variant to cause damage was mainly in English however, and was attached to an e-mail pertaining to come from the FBI, warning users that they had visited illegal websites.
Once users clicked on an attachment, dressed up as an FBI questionnaire, they became infected with Sober.
Sober tries to turn off security tools on desktops, installs a backdoor for remote attackers on the victim’s machine, and replicates itself via the user’s address book.
The amount of e-mails created from this process can crash corporate networks and slow down parts of the public internet.