homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Local / Foo
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

Sudden spate of German email spam.
Is it just me?

WebmasterWorld Senior Member 10+ Year Member

Msg#: 8888 posted 11:25 pm on May 16, 2005 (gmt 0)

I seldom get German language spam, but in the last week I've gotten 20 or 30 all of a sudden.

Anyone else notice this? It not, it could just be my address. My site gets mentioned on foreign
blogs sometimes, and the Deutcher spammers may
have phished it out from there. -Larry.



10+ Year Member

Msg#: 8888 posted 11:57 pm on May 16, 2005 (gmt 0)

I've been getting it all day. It seems to be mostly links to sites that deal with German politics.


WebmasterWorld Senior Member 5+ Year Member

Msg#: 8888 posted 3:07 am on May 17, 2005 (gmt 0)

From Editor and Publisher:
Your E-mail Suddenly FIlled with German Hate Messages? Here's Why

Published: May 16, 2005 2:30 PM ET
NEW YORK -- A new variant of the Sober spam worm is being blamed for the deluge of German spam messages carrying right-wing or neo-Nazi messages flooding in-boxes around the world this week. Once the attachment is opened, the worm uses its own e-mail engine to send itself to addresses harvested from the infected computer.

Some messages link to right-wing German sites. This be linked to the 60th anniversary commemorations of the end of World War II in Europe.

Sober-P grabbed attention at the beginning of the month, in Germany and around the world, offering soccer tickets to the 2006 World Cup, but this is a new political variant.

Der Spiegel Online mentioned as a suspect today the NPD (German National Party), a neo-Nazi, anti-Semitic party that has advanced in some parts of the country lately. Last year, the NPD shook Germany when it got 9.2% of the vote in elections in Saxony, winning representation in the parliament there for the first time ever.


WebmasterWorld Senior Member 10+ Year Member

Msg#: 8888 posted 3:59 am on May 17, 2005 (gmt 0)

OK that explains everything so far. The emails had clear inications of German Politik.

NOW. I never open attachments from such stuff, but sometimes read the cover email text only.

Can I presume I'm uninfected? No odd nasty signs from the computer yet.

Unrelated question: Why does it take longer for FOO messages to appear on the Recent Posts list? -Larry


WebmasterWorld Senior Member 10+ Year Member

Msg#: 8888 posted 8:26 am on May 17, 2005 (gmt 0)

They started here last Thursday. I got over a 1000 of those e-mails on Saturday night. Our web host email was set up to use the catchall feature(?), basically, you could reach me by sending a message to anyone@mydomain.com

The catchall was turned off and the messages dropped dramatically. A few have still managed to come thru, but the bulk of them, to addresses we would never use, have stopped.


WebmasterWorld Senior Member macguru us a WebmasterWorld Top Contributor of All Time 10+ Year Member

Msg#: 8888 posted 11:20 am on May 17, 2005 (gmt 0)

>>Why does it take longer for FOO messages to appear on the Recent Posts list?

By default, FOO threads dont show up on the Recent Posts list anymore. The rare ones that do, are manually set so by our friendly Mods or Admins.


10+ Year Member

Msg#: 8888 posted 7:39 pm on May 17, 2005 (gmt 0)


You most likely are correct to assume you are not infected. Most of the sites that delivered the payload had no payload to dump by the time it hit the US. Also this strain does not propiagate via attachemnts. It delivers through a link in the e-mail which needs clicked.

Just check to see if your AV defs are up to date and do a full system scan. Just an aside Symantec lists this as Trojan.Ascetic.C.

Been an annoyance here for our user base at best as we blocked teh payload sites for the time being.

Take care,



10+ Year Member

Msg#: 8888 posted 1:25 am on May 20, 2005 (gmt 0)

jesus.... thought it was just us! We've been getting 50 a day..all spoofing the sender and using non-existant e-mail addresses at our domain as the recipient...we have catch-all disabled...I dug a little further and found the actual recpient was a real e-mail address we enabled...

All the mails come from the same IP...I did a dns search and found and notified the ip block owner ( bellsouth) ....

Same time we've also been getting virus attempts with the subject " your e-mail account has been disabled" or " Your email account has been suspended"...

troels nybo nielsen

WebmasterWorld Senior Member 10+ Year Member

Msg#: 8888 posted 8:55 am on May 22, 2005 (gmt 0)

The newsletter from a-squared warns that Sober.Q may be expected to attack Monday 23rd. Beware.

Sometimes it's really an advantage to be in an obscure corner of the Internet. Very few of these nasties get around to where I am.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Local / Foo
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved