A careful examination of the Sober worm code has revealed that its authors are planning to launch a major attack on 5 January.

The worm will contact a URL hosted in Germany or Austria and begin downloading material onto infected PCs.

Experts believe that the material could be from a neo-Nazi organisation. The activation date is the 87th anniversary of the founding of the Nazi Party, and the Sober worm has been used by right-wing hate groups in the past.

"This discovery emphasises the ever present and often underestimated threat of 'hacktivism' which combines malicious code with political causes," said Joe Payne, vice president at VeriSign iDefense Security Intelligence Services.

"Exposing this latest variant required technical and geopolitical analysis that connected the dots to give enterprises and home users plenty of time to shore up their defences."

Payne added that infected systems may start spamming the material out to email contacts once the attack begins, which could cause serious clogging problems with some email systems.

This latest Sober variant has had several troubling aspects for security vendors, suggesting that it is not an ordinary piece of code.