Sober is usually a mass-mailing worm that sends a copy of itself to e-mail addresses stored on an infected computer's hard drive. However, in the same week that Germany and Europe celebrate the 60th anniversary of the end of World War II in Europe, the latest variant's sole purpose seems to be to distribute hate mail.
Scott Chasin, chief technology officer at e-mail security specialists MX Logic, said the latest variant of Sober was being uploaded to computers infected by previous variants of Sober, which meant the virus authors may have remote control over thousands of PCss.
"Sober.Q appears to be downloaded by machines infected by Sober.P... If this is the case, the Sober.P author or authors could have remote command-and-control capabilities over a large network of infected machines. This network would provide not only a megaphone to distribute messages of hate, but a platform for future spam, worm and denial of service attacks,' said Chasin.
Although spam usually tries to advertise products, Chasin said it is now also being used for spreading propaganda.
"Spam has been traditionally regarded as annoying messages that promote Viagra, porn and low cost mortgages... But for the past year we have seen a trend in which worm authors are using spam not to hawk goods, but as a tool for political propaganda," said Chasin.
Last week, antivirus firms warned that the previous Sober variant, which was disguised as winning tickets to the Soccer World Cup in 2006, had suddenly modified its behaviour and stopped propagating. The temporary lull in activity seemed to have been planned by the virus writers in preparation for this latest attack.
MX Logic's Threat Centre has reported seeing more than 125,000 instances of the Sober.Q worm and categorised it as a high severity threat. Internet security firm SurfControl reported seeing 1,000 spam e-mails within hours of the initial outbreak, which the company said is around 40 times the usual number.
This propaganda crap has got to stop. I have both Norton and Trend Micro anti virus programs and neither one picked up on this. Is this common? I can pretty much trace the infected computers and the e-mail addresses match a lot of those at my last office of real estate where I worked for two years. We had those 'know it alls' that downloaded anything and everything that came along. You could actually see the performance of the machines going down. I use a laptop for work, and when I saw what was going on, I stopped going on line from our cable to the office. Is there a program or software out there that can stop all this from happening? I'd like to know---JC