Another Sober Variant Gears Up for Monday Blitz

A report out of the German government indicates that Sober-P is prepared to launch a spam blitz similar to the hate mail sent out by Sober-N-infected machines earlier this week.

By Michael Hall | Posted May 20, 2005

Warnings are beginning to appear that, after a drop-off in activity, a particularly pervasive virus may be set to reactivate on Monday, possibly repeating its role as a relay for hate spam.

According to a warning posted by the German governmental office responsible for IT security (the Bundesamt für Sicherheit in der Informationstechnik, or BSI), an analysis of Sober-P's source code indicates that the virus is set to begin querying sites around the Internet for content to relay.

As reported on Monday, Sober-N became a conduit for political spam for a nationalist group in Germany after establishing itself as such a nuisance that security firms were crediting it with up to 14 percent of all e-mail traffic flowing over the Internet.

According to the BSI, Sober variant Sober-P is set to repeat that performance, though the organization couldn't say what form its next blitz might take. The organization also indicated it has taken steps with ISPs to block machines the worm is apparently set to consult for content to relay.

Published reports also indicate that there's a certain element of random activity in the Sober family, with a sophisticated algorithm found in the worm determining at what times and from which sites it will begin downloading the data it then forwards on as spam.
