Warnings are beginning to appear that, after a drop-off in activity, a particularly pervasive virus may be set to reactivate on Monday, possibly repeating its role as a relay for hate spam.
According to a warning posted by the German governmental office responsible for IT security (the Bundesamt für Sicherheit in der Informationstechnik, or BSI), an analysis of Sober-P’s source code indicates that the virus is set to begin querying sites around the Internet for content to relay.
As reported on Monday, Sober-N became a conduit for political spam for a nationalist group in Germany after establishing itself as such a nuisance that security firms were crediting it with up to 14 percent of all e-mail traffic flowing over the Internet.
According to the BSI, the Sober-P variant is set to repeat that performance, though the organization couldn’t say what form its next blitz might take. The organization also indicated it has taken steps with ISPs to block the machines the worm is apparently set to consult for content to relay.
Published reports also indicate that there’s a certain element of random activity in the Sober family: a sophisticated algorithm found in the worm determines at what times and from which sites it will begin downloading the data it then forwards on as spam.