Sober Becomes Hate Mail Conduit

By Michael Hall | May 16, 2005
http://www.enterprisenetworkingplanet.com/netsecur/article.php/3505471/Sober-Becomes-Hate-Mail-Conduit.htm

Security firms are reporting that a worm previously believed to account for over 5 percent of all recent e-mail traffic has become the conduit for hate messages.

W32/Sober-N was first reported two weeks ago. The worm used a variety of enticements, including offers of free tickets to World Cup soccer matches, to gull users into opening its payload. The spread of the worm was so rapid that security firm Sophos estimated it was responsible for over 5 percent of all e-mail passing over the Internet. Security firm MX Logic has upped that estimate to one in seven messages (14 percent).

According to MX Logic, Sober.Q uses machines infected with Sober-N to send out spam. Unlike Sober-N, Sober.Q has no self-replicating features: It simply sends out messages from infected systems.

The content of the messages has been tied to Germany's nationalist National Democratic Party (NPD), and it includes subjects such as:

  • Multi-Kulturell = Multi-Kriminell (Multi-culturally = multi-criminally)
  • Dresden 1945
  • The Whore Lived Like a German
  • Du wirst zum Sklaven gemacht!!! (You are made slaves!!!)

The messages are being sent out as the sixtieth anniversary of the end of World War II in Europe is being observed in Germany.

In a statement, MX Logic CTO Scott Chasin raised the possibility that Sober.Q reflects a broader potential open to the authors of Sober-N.

"[T]he Sober.N author or authors could have remote command-and-control capabilities over a large network of infected machines," he said. "This network would provide not only a megaphone to distribute messages of hate, but a platform for future spam, worm and denial of service attacks."