Firewall & E-security News

Sober.P zombies send waves of German hate e-mail

Get your Delete key ready. When you open your e-mail client this morning, you'll probably find your inbox stuffed with hundreds of German right-wing political e-mails. This bombardment of unglaublich spam resulted from a new payload for the Sober worm, inaccurately dubbed Sober.Q. However, don't get your network cables in a bunch worrying about it; the new variant directly affects only machines that have already been infected with Sober.P.

When Sober.P spread its malicious payload to thousands of machines last week, it installed a backdoor, allowing the worm's author to send new instructions to the compromised machines at will. On Sunday, Sober.P's author did just that. He sent his Sober.P zombies instructions telling them to send political German spam to all the e-mail addresses they know. The antivirus (AV) vendors call this new set of instructions Sober.Q.

The good news: the German and English spam that Sober.Q generates is benign. These e-mails don't contain any new viral infection. (That's why it's inaccurate to call this a new variant of Sober, since it does not infect any previously uninfected machines. More accurately, this is a new Sober.P payload.) Even the links in the messages don't forward you to malicious sites. Rather, they forward you to seemingly pro-Nazi, political articles. The attacker seems to have timed this spamming attack with the 60th anniversary of VJ Day, the end of World War II.

The bad news: Although it won't infect you, Sober.Q generates a whole heck of a lot of spam! I found about four hundred Sober.Q messages in my work Inbox alone. You'll probably spend a significant amount of time today, cleaning up the Inbox mess that Sober.Q has left behind.

Although Sober.Q doesn't infect new machines, nor spread on its own, it has flooded the Internet with millions of irritating messages that will steal time from you and your employees.
It has also demonstrated how powerful a zombie network can be.

Your takeaway? As usual: follow good e-mail handling practices. Deploy antivirus software, update it regularly, and discard, unopened, e-mail attachments that arrive unexpectedly. Otherwise, your computer could become one of the thousands of zombie computers unknowingly spamming the world. And even in a tasteless movie, much less real life, helping an army of Nazi zombies should be verboten.

-- Corey Nachreiner

There is, however, a fix for this for GFI mail. Please download the following GFI mail fix file, which can be imported into GFI MailEssentials to block spam e-mails generated by the Sober.P virus.

You can use keyword checking to block these types of e-mails. Just copy the above list to a text file, save the text file to disk, and import the list into the MailEssentials subject keyword checking list (MailEssentials configuration -> Anti-Spam -> Keyword checking -> Subject tab).

Copyright © 2004 Firebox.uk.com and part of this document is Copyright © 2004 WatchGuard® Technologies, Inc.