Published: May 16, 2005 2:30 PM ET
NEW YORK -- A new variant of the Sober spam worm is being blamed for the deluge of German spam messages carrying right-wing or neo-Nazi messages flooding in-boxes around the world this week. Once the attachment is opened, the worm uses its own e-mail engine to send itself to addresses harvested from the infected computer.
Some messages link to right-wing German sites. This may be linked to the 60th anniversary commemorations of the end of World War II in Europe.
Sober-P grabbed attention at the beginning of the month, in Germany and around the world, offering soccer tickets to the 2006 World Cup, but this is a new political variant.
Der Spiegel Online mentioned as a suspect today the NPD (German National Party), a neo-Nazi, anti-Semitic party that has advanced in some parts of the country lately. Last year, the NPD shook Germany when it got 9.2% of the vote in elections in Saxony, winning representation in the parliament there for the first time ever.
NOW. I never open attachments from such stuff, but sometimes read the cover email text only.
Can I presume I'm uninfected? No odd nasty signs from the computer yet.
Unrelated question: Why does it take longer for FOO messages to appear on the Recent Posts list? -Larry
The catchall was turned off and the messages dropped dramatically. A few have still managed to come thru, but the bulk of them, to addresses we would never use, have stopped.
You most likely are correct to assume you are not infected. Most of the sites that delivered the payload had no payload to dump by the time it hit the US. Also, this strain does not propagate via attachments. It delivers through a link in the e-mail which needs to be clicked.
Just check to see if your AV defs are up to date and do a full system scan. Just an aside: Symantec lists this as Trojan.Ascetic.C.
Been an annoyance here for our user base at best, as we blocked the payload sites for the time being.
Take care,
Brian
All the mails come from the same IP... I did a DNS search and found and notified the IP block owner (BellSouth)...
Same time we've also been getting virus attempts with the subject "your e-mail account has been disabled" or "Your email account has been suspended"...