From Spam Daily News
Malware getting smart. Very smart.
Posted on May 15, 2005
The Sober worm, which has been around since 2003, is showing a unique strategy.
At approximately 5.45am on 15th May, MessageLabs began intercepting a large number of German right-wing spam emails sent from machines infected with a new variant of the Sober worm.
Almost all of the spam emails have been sent from otherwise clean IP addresses and will have gone largely undetected by spam filters not deploying proactive detection techniques for unknown sources of spam. The spam attack has also been conveniently deployed to coincide with a German public holiday.
"It would seem that the virus author has stored up networks of infected machines around the world, holding them on standby to deploy at specific times – in this case, to successfully spread politically-motivated propaganda. Whether the author is a right-wing activist himself trying to influence public opinion or whether he is looking to tout his wares to groups that may be interested in paying for his services remains to be seen. It might not be a coincidence that on 22nd May regional elections will take place in North Rhine-Westphalia," said Stephen White, Head of Anti-Spam Technical Operations within MessageLabs.
The spam emails, which are mostly in German, use approximately 70 varying subject lines. Each mail contains a single URL directing recipients to a range of legitimate online articles in reputable German newspapers and magazines promoting political messages. Others have also been found to contain URLs that link to articles on previous Sober outbreaks.
"This latest attack by the Sober author is comparatively sophisticated and has obviously been well planned; it appears that previously unexploited networks of machines infected with earlier incarnations of the Sober worm have been remotely commanded to download this latest variant - Sober.Q - in order to spam out huge volumes, while at the same time circumventing spam filters for as long as possible," said White.
"The scale of this particular outbreak further highlights the extent of the threat from converged virus and spam techniques; after the release of a new virus or variant, we increasingly see massive spam attacks follow in quick succession. While spam was once just a nuisance, here we see not only how it can be used for far more malicious purposes, but how it can be propagated so widely when used in conjunction with viruses," added White.
SOURCE: MessageLabs