Sober Becomes Hate Mail Conduit

Sober-N, a Windows worm believed to account for almost 12 percent of all e-mail traffic over the past few weeks, has become a conduit for a nationalist party's political propaganda. Experts say Sober-N may give its authors remote control over infected machines, with worse to come.

By Michael Hall | Posted May 16, 2005

Security firms are reporting that a worm previously believed to account for over 5 percent of all recent e-mail traffic has become the conduit for hate messages.

W32/Sober-N was first reported two weeks ago. The worm used a variety of enticements, including offers of free tickets to World Cup soccer matches, to gull users into opening its payload. The spread of the worm was so rapid that security firm Sophos estimated it was responsible for over 5 percent of all e-mail passing over the Internet. Security firm MX Logic has upped that estimate to one in seven messages (14 percent).

According to MX Logic, Sober.Q uses machines infected with Sober-N to send out spam. Unlike Sober-N, Sober.Q has no self-replicating features: It simply sends out messages from infected systems.

The content of the messages has been tied to Germany's nationalist National Democratic Party (NPD), and it includes subjects such as:

  • Multi-Kulturell = Multi-Kriminell (Multi-culturally = multi-criminally)
  • Dresden 1945
  • The Whore Lived Like a German
  • Du wirst zum Sklaven gemacht!!! (You are made slaves!!!)

The messages are being sent out as the sixtieth anniversary of the end of World War II in Europe is being observed in Germany.

In a statement, MX Logic CTO Scott Chasin raised the possibility that Sober.Q reflects a broader potential available to the authors of Sober-N.

"[T]he Sober.N author or authors could have remote command-and-control capabilities over a large network of infected machines," he said. "This network would provide not only a megaphone to distribute messages of hate, but a platform for future spam, worm and denial of service attacks."
