German security experts claim to have stopped a new variant of the Sober virus that reared its ugly head earlier this month. Sober.Q propagated right-wing hate messages in German and English.
Analysts, however, are somewhat skeptical that this is the end.
Sober is a mass-mailing worm that spreads through a .zip file attached to an e-mail. Once the attachment is opened, the worm uses its own e-mail engine to send itself to addresses harvested from the infected computer.
“If we’re lucky, German security experts stopped the virus by working with Internet service providers to take down Web sites which had code required for the virus to spread,” Basex CEO and chief analyst Jonathan Spira told TechNewsWorld.
“Unfortunately, the programmer may have other tricks up his sleeve, so IT managers should not let down their guard or even take the time to breathe a sigh of relief.”
Beware of Thursday
Spira offers wise advice, considering the second half of the story.
The worm’s author had actually pre-programmed Sober.Q to stop spreading today (Monday). The German government funded the researchers who put at least a temporary end to the epidemic by shutting down Web computers supplying the code.
However, according to the German Federal Office for Information Security, Sober.Q is programmed to begin spreading its hate messages again on Thursday. Using a new list of Web sites, it could be the same story all over again.
A Rude Awakening
As with other recent variants of the Sober worm, Sober.Q uses a number of different subject lines, message bodies and attachments, sent in both English and German.
If Sober determines it is being sent to an e-mail address with a domain generally reserved for a German-speaking country (e.g., .de, .ch, .at, .li), then the worm sends messages in German.
Unlike most spam, the primary motive behind the Sober worm is pure propaganda. For example, the German language e-mail messages indicate that the recipient has won tickets to the 2006 World Cup, thereby enticing the recipient to open the attachment.
The English-language messages, however, carry more mundane subject lines, including “Mailing Error,” “Registration Confirmation,” “Your e-mail was blocked,” and “Your Password.” The body of the e-mails spreads hate messages.
“The Sober virus, which caused so much headache for the last two weeks, has disappeared as fast as it arrived, leaving behind a fresh crop of zombie computers broadcasting spam e-mails at double rates,” said Joel Smith, chief technology officer at Appriver, an e-mail security managed service provider. “We predict more Sober virus attacks in the future.”