Sober comes out of hibernation to spread hate

• Tags:
• Sober.Q,
• Sober.P

Munir Kotadia ZDNet Australia

Published: 16 May 2005 09:25 BST

• 
• 
• 
• 
• 

Another variant of the Sober virus, which spreads right-wing messages in German and English, appeared over the weekend. Security firms are warning that they have received hundreds of thousands of emails generated by Sober.Q in its first 24 hours.

Sober is usually a mass-mailing worm that sends a copy of itself to e-mail addresses stored on an infected computer's hard drive. However, in the same week that Germany and Europe celebrate the sixtieth anniversary of the end of World War II in Europe, the latest variant's sole purpose seems to be to distribute hate mail.

Scott Chasin, chief technology officer at email security specialists MX Logic, said the latest variant of Sober was being uploaded to computers infected by previous variants of Sober, which meant the virus authors may have remote control over thousands of PCs.

"Sober.Q appears to be downloaded by machines infected by Sober.P… If this is the case, the Sober.P author or authors could have remote command-and-control capabilities over a large network of infected machines. This network would provide not only a megaphone to distribute messages of hate, but a platform for future spam, worm and DoS attacks,' said Chasin.

Although spam usually tries to advertise products, Chasin said it is now also being used for spreading propaganda.

"Spam has been traditionally regarded as annoying messages that promote Viagra, porn and low cost mortgages… But for the past year we have seen a trend in which worm authors are using spam not to hawk goods, but as a tool for political propaganda," said Chasin.

Last week, security firms reported that Sober.P — which security companies have variously tagged as Sober.N, Sober.O or Sober.S — travels as an attachment in emails written in English and German. One of the most widely reported emails contains an alluring message stating that the recipient has won free tickets to the 2006 World Cup in Germany, but many other types have also been spotted had suddenly modified its behaviour and stopped propagating. The temporary lull in activity seemed to have been planned by the virus writers in preparation for this latest attack.

MX Logic's Threat Centre has reported seeing more than 125,000 instances of the Sober.Q worm and categorised it as a high severity threat. Internet security firm SurfControl reported seeing 1,000 spam e-mails within hours of the initial outbreak, which the company said is around 40 times the usual number.

Munir Kotadia reported from Sydney for ZDNet Australia. For more ZDNet Australia stories, click here.

• 
• 
• 
• 

• Share this article:
• Digg
• Slashdot
• Del.ici.ous
• Stumble
• Reddit

• Most Recent
• Most Popular
• Most Discussed