homepage Welcome to WebmasterWorld Guest from 54.227.5.234
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Website
Home / Forums Index / Local / Foo
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

    
Sudden spate of German email spam.
Is it just me?
larryhatch




msg:325358
 11:25 pm on May 16, 2005 (gmt 0)

I seldom get German language spam, but in the last week I've gotten 20 or 30 all of a sudden.

Anyone else notice this? It not, it could just be my address. My site gets mentioned on foreign
blogs sometimes, and the Deutcher spammers may
have phished it out from there. -Larry.

 

jezra




msg:325359
 11:57 pm on May 16, 2005 (gmt 0)

I've been getting it all day. It seems to be mostly links to sites that deal with German politics.

weeks




msg:325360
 3:07 am on May 17, 2005 (gmt 0)

From Editor and Publisher:
Your E-mail Suddenly FIlled with German Hate Messages? Here's Why

Published: May 16, 2005 2:30 PM ET
NEW YORK -- A new variant of the Sober spam worm is being blamed for the deluge of German spam messages carrying right-wing or neo-Nazi messages flooding in-boxes around the world this week. Once the attachment is opened, the worm uses its own e-mail engine to send itself to addresses harvested from the infected computer.

Some messages link to right-wing German sites. This be linked to the 60th anniversary commemorations of the end of World War II in Europe.

Sober-P grabbed attention at the beginning of the month, in Germany and around the world, offering soccer tickets to the 2006 World Cup, but this is a new political variant.

Der Spiegel Online mentioned as a suspect today the NPD (German National Party), a neo-Nazi, anti-Semitic party that has advanced in some parts of the country lately. Last year, the NPD shook Germany when it got 9.2% of the vote in elections in Saxony, winning representation in the parliament there for the first time ever.

larryhatch




msg:325361
 3:59 am on May 17, 2005 (gmt 0)

OK that explains everything so far. The emails had clear inications of German Politik.

NOW. I never open attachments from such stuff, but sometimes read the cover email text only.

Can I presume I'm uninfected? No odd nasty signs from the computer yet.

Unrelated question: Why does it take longer for FOO messages to appear on the Recent Posts list? -Larry

grandpa




msg:325362
 8:26 am on May 17, 2005 (gmt 0)

They started here last Thursday. I got over a 1000 of those e-mails on Saturday night. Our web host email was set up to use the catchall feature(?), basically, you could reach me by sending a message to anyone@mydomain.com

The catchall was turned off and the messages dropped dramatically. A few have still managed to come thru, but the bulk of them, to addresses we would never use, have stopped.

Macguru




msg:325363
 11:20 am on May 17, 2005 (gmt 0)

>>Why does it take longer for FOO messages to appear on the Recent Posts list?

By default, FOO threads dont show up on the Recent Posts list anymore. The rare ones that do, are manually set so by our friendly Mods or Admins.

Reflect




msg:325364
 7:39 pm on May 17, 2005 (gmt 0)

Larry,

You most likely are correct to assume you are not infected. Most of the sites that delivered the payload had no payload to dump by the time it hit the US. Also this strain does not propiagate via attachemnts. It delivers through a link in the e-mail which needs clicked.

Just check to see if your AV defs are up to date and do a full system scan. Just an aside Symantec lists this as Trojan.Ascetic.C.

Been an annoyance here for our user base at best as we blocked teh payload sites for the time being.

Take care,

Brian

fiu88




msg:325365
 1:25 am on May 20, 2005 (gmt 0)

jesus.... thought it was just us! We've been getting 50 a day..all spoofing the sender and using non-existant e-mail addresses at our domain as the recipient...we have catch-all disabled...I dug a little further and found the actual recpient was a real e-mail address we enabled...

All the mails come from the same IP...I did a dns search and found and notified the ip block owner ( bellsouth) ....

Same time we've also been getting virus attempts with the subject " your e-mail account has been disabled" or " Your email account has been suspended"...

troels nybo nielsen




msg:325366
 8:55 am on May 22, 2005 (gmt 0)

The newsletter from a-squared warns that Sober.Q may be expected to attack Monday 23rd. Beware.

Sometimes it's really an advantage to be in an obscure corner of the Internet. Very few of these nasties get around to where I am.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Local / Foo
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved