1) One reader has submitted a malware which after running through VirusTotal detected it as a Linux backdoor:
Ikarus 0.2.59.0 12.10.2005 Backdoor.Perl.Whoredoor.08
Kaspersky 184.108.40.206 12.10.2005 Rootkit.Linux.Matrics.sk
McAfee 4647 12.09.2005 Linux/BackDoor
2) On another note, Juha-Matti has pointed out an interesting Trojan.Spaxe. The interesting part is that it will display a balloon message, attempting to fake from the Windows Automatic Updates icon on the System Tray, with the following text:
"Your computer is infected!
Windows has detected spyware infection.
It is recommended to use special antispyware tools to prevent data loss.
Windows will now download and install the most up-to-date antispyware for you.
Click here to protect your computer from spyware."
Clicking on the balloon will result in downloading a file from the Internet.
3) You may have read from news that there will be a Sober worm attack on 5 Jan 06. This is due to the pre-programmed date of current Sober variant to activate on 5 Jan 06. The interesting part is that the Sober variant has the intelligence to create pseudorandom URLs which will change based on date. It also can synchronize the systems via atom clocks so that it does not matter even if the system clock is not correct. F-Secure has come out a list of URLs that you may want to block. You can read the details from F-Secure nice writeup.
[Update to (3)]
On another note, LURHQ has a writeup on the key dates in the various Sober variants. It mentioned that the Sober.Y activation date should be after 5 Jan 06. The logic is "current date > Jan 5" and not "current date == Jan 5". Thanks to Dominic for pointing out.
Dec 10th 2005
1 decade ago