Virus alert: Sober spreads hate mail

Another variant of the Sober virus, which spreads right-wing messages in German and English, appeared over the weekend. Security firms are warning they have received hundreds of thousands of emails generated by Sober.Q in its first 24 hours.

Sober is usually a mass-mailing worm that sends a copy of itself to email addresses stored on an infected computer's hard drive. However, in the same week that Germany and Europe celebrate the 60th anniversary of the end of World War II in Europe, the latest variant's sole purpose seems to be to distribute hate mail.

Scott Chasin, chief technology officer at email security specialists MX Logic, said the latest variant of Sober was being uploaded to computers infected by previous variants of Sober, which meant the virus authors may have remote control over thousands of PCs.

"Sober.Q appears to be downloaded by machines infected by Sober.P… If this is the case, the Sober.P author or authors could have remote command-and-control capabilities over a large network of infected machines. This network would provide not only a megaphone to distribute messages of hate but a platform for future spam, worm and denial of service attacks," said Chasin.

Although spam usually tries to advertise products, Chasin said it is now also being used for spreading propaganda.

"Spam has been traditionally regarded as annoying messages that promote Viagra, porn and low cost mortgages… But for the past year we have seen a trend in which worm authors are using spam not to hawk goods, but as a tool for political propaganda," said Chasin.

Last week, antivirus firms warned that the previous Sober variant, which was disguised as winning tickets to the Football World Cup in 2006, had suddenly modified its behaviour and stopped propagating. The temporary lull in activity seemed to have been planned by the virus writers in preparation for this latest attack.

MX Logic's Threat Centre has reported seeing more than 125,000 instances of the Sober.Q worm and categorised it as a high severity threat. Internet security firm SurfControl reported seeing 1,000 spam emails within hours of the initial outbreak, which the company said is around 40 times the usual number.

Munir Kotadia writes for ZDNet Australia