|
|
A persistent computer virus of German origin has flared again, this time dumping torrents of right-wing messages and Web site links into e-mail inboxes worldwide.
Sober.Q and its variants did not ignore Utah Internet service providers (ISPs), and by Monday were accounting for the majority of messages queued up in many e-mail accounts.
"It doesn't appear to be doing any real damage, but irritating? You're not kidding," said Pete Ashdown, president of Xmission, a Salt Lake City-based ISP. "I've had 150 of these messages today myself."
Xmission technicians were busy adjusting
their network's spam filters or helping customers activate and set their own e-mail program's anti-virus applications.
That the worm is spreading from myriad e-mail accounts made the task harder, but not impossible.
"They do seem to be using a network of pre-zombied personal computers [PCs previously compromised by spammers]," Ashdown said. "But filtering isn't all that difficult since they are sticking pretty much to the same subjects and other repeating contents, including the similar URLs [Internet addresses] they include."
A worm is a program that copies itself from one disk drive to another, or
copies itself using e-mail or another transport. It can be activated when an infected e-mail is clicked on by the recipient, resulting in the worm being retransmitted from the unsuspecting user's PC.
However, Alfred Huger, senior director of engineering for Symantec's security response branch, said Sober.Q differs from most worms by having a political agenda - one apparently carefully planned, with previous versions of the worm quietly infecting PCs across the globe in advance.
"It certainly seems to be more propaganda than virus," he said, noting that in addition to backlash to the 60th
anniversary of the Allies' victory over Nazi Germany, Sober.Q's xenophobic diatribes struck as the European Union is considering Turkish membership.
The growth of the Turkish minority within Germany in recent years has generated rising anti-Muslim sentiment and calls for immigration restriction.
Symantec (http://security response.symantec.com), McAfee (www.mcafee.com) and other anti-virus companies are offering free Sober.Q removal programs to those infected with the worm.
The messages arrive with subject headers and text in either German or English. Web site links are included for a variety of German nationalistic organizations,
among them the National Democratic Party.
Indeed, the nature of the messages themselves, not the worm, is the more serious threat, according to Vincent Gullotto, vice president of McAfee's AVERT program. "The spam it generated is about as dangerous as it gets," he said.
The best way to fight Sober.Q?
Keep your anti-virus software up to date - and exercise caution.
"Don't trust most any e-mail today and especially if it has an attachment," Gullotto said. "Simply delete or verify the message is authentic with the person who supposedly sent it to you."
bmims@sltrib.com
|
|
|
|
|
RETURN TO TOP