Latest sober worm sends German spam

E-mail users perplexed by the barrage of German-language spam waiting in their inboxes Monday morning can point the finger of blame at the latest version of the Sober mass mailing worm which began rapidly spreading over the weekend.

Sober.q uses both German and English-language messages to direct recipients to Web sites with right-wing German nationalistic content, according to an advisory from e-mail security company MX Logic. One of the URLs (uniform resource locators) points to the Web site of the right-wing German NPD party, it said.

The security firm said that it had seen over 125,000 instances of Sober.q overnight Saturday and into Sunday, and labelled it as a high severity threat. The variant is downloaded by computers already infected by the Sober.p worm which began circulating earlier this month, MX Logic said. The virus writers appear to have remote control over the Sober.p infected machines, giving them a network from which to launch future spam and denial of service attacks, it added.

The latest sober variant is one of a relatively new type of "propaganda spam," meant to spread political messages rather than sell a product or service, MX Logic said. Circulation of the worm coincides with ceremonies marking the 60th anniversary of the end of World War II in Europe and examples of subject lines it sends include "Dresden 1945" and "Du wirst zum Sklaven gemacht!!!" ("You are made slaves!!!"), according to MX Logic.

"We are certainly seeing more propaganda spam," said Graham Cluley, senior technology consultant with Sophos PLC. Security researchers began detecting religious spam selling a particular view of life last year, Cluley added.

Although Sophos is seeing a lot of German-language spam sent by the new Sober variant, the worm itself doesn't appear to be spreading anymore, Cluley said.

E-mail users are advised to update their spam filters to guard against the new Sober spam.