A new variant of the Sober mass-mailing worm is being blamed for the deluge of German spam messages flooding inboxes this weekend, anti-virus experts warned on Sunday.
The spam barrage arrives with politically themed messages in German and contains only links to news articles on German Web sites. Finnish anti-virus vendor F-Secure Corp. said the spam run is being powered by Sober.Q, the latest mutant of a worm that was first spotted in October 2003.
The latest spam barrage comes just two weeks after Sober.P launched a massive attack by promising tickets to next years World Cup soccer tournament in Germany. In that attack, the worm spread quickly by harvesting e-mail addresses from infected systems.
This weekends spam run does not include executable attachments and resembles the methods used in June 2004 by Sober.H, an earlier variant.
“I am getting inundated with reports this morning. I think this is the biggest Request for Information ever for us and certainly the busiest Sunday we have had in a while,” said Scott Fendley, an incident handler for SANS ISC (Internet Storm Center), a group that monitors malicious Internet activity.
Fendley told Ziff Davis Internet News the spam attack appears to be linked to the 60th anniversary of the end of World War II. There are several references in the subject lines to the bombing on Dresden in 1945 and other war-related political themes.
Many of the links point to the homepage of the right-wing extremist National Democratic Party (NPD) in Germany.
To protect against the spam barrage, businesses are urged to adjust e-mail filters to block the handful of subject lines being used.
Some of the subject lines are: “Verbrechen der deutschen Frau,” “Schily ueber Deutschland,” “Auf Streife durch den Berliner Wedding” and “Schily ueber Deutschland.”