
Security Watch: Don't get burned by viruses and hackers
Why the Sober virus is still messing with your PC
By Robert Vamosi 
Senior editor, CNET Reviews
May 20, 2005

I've written before about the collusion between virus writers and spammers and how viruses can be used to broadcast spam. Now, if anyone still has doubts, I offer the latest round of Sober.p and Sober.q viruses as examples. About a week ago, e-mail in-boxes around the world started to melt down with German-language e-mail containing either long rants or links out to German-language Web sites. Was it spam? Was it a virus attack? Turns out, it was both.

Patience
The spam attack actually started a week or so before, with Sober.p making its rounds as an e-mail virus promising recipients a chance to get World Cup soccer tickets. This latest virus attack then used a bootstrap effect: computers already infected with Sober.n or Sober.p were then updated with Sober.q. Sober.q was used by someone (maybe the virus author or maybe he sold it to someone else) to broadcast spam. In this case the spam was hate mail.

Viruses that espouse varied political statements have been around for years. Often, though, they've been merely teases, with provocative subject lines or images and infected attachments. Sober demonstrates an easier way to get your message across: actually say what you want to say in the body of the e-mail, then say it often.

Most of the spam generated by Sober.q consisted of right-wing, nationalistic messages sent in advance of the German elections in North Rhine-Westphalia on May 22, 2005. The long rants discussed ethnic and economic problems facing Germany as viewed through a very narrow lens. Some e-mail messages discussed World War II. The links provided in other e-mail directed you to sites containing similarly skewed information, but in some cases, the links might have taken you instead to a virus-infected Web site, which in turn also infected your computer with Sober.q. A few of the spam links went to news articles discussing the current outbreak of the Sober virus. According to the antivirus company F-Secure, the virus writer also included a line of text within the virus that translates to "I am not a spammer, although I might become one," feebly demonstrating a sense of humor.

Make love not war
But the attack on e-mail servers worldwide wasn't funny. For residents in the United States, e-mail began hitting late in the day on Saturday, May 14, 2005, continuing steadily through Monday, May 16, 2005. At its peak, midmorning on Sunday for me, my own Outlook Inbox registered two hits every minute for nearly an hour. Fortunately, I had cleaned out my in-box on Friday, but by Sunday night, my Outlook was groaning under the weight of all the e-mail in my spam filter. More than once, I had to purge my spam filter and reboot Outlook in order to send and receive e-mail.

Imagine, though, if these messages had discussed Tony Blair's recent reelection in the United Kingdom or the current filibuster fight in the U.S. Senate. Coming into work on Monday to find that those who oppose your opinions politically had managed to shut down your e-mail service, I think, would ignite passion from even the most mild-mannered among us. What if you agreed with the messages but still found yourself without serviceable e-mail? I would think you wouldn't feel good about that either, even though you had nothing to do with the attack.

And then…nothing
So there's this blitzkrieg of German hate mail, then nothing. As of Tuesday, May 17, 2005, Sober.q stopped spewing hate and started the upgrade process once again. The upgrade process is something that is hard-coded into the Sober virus, and it allows the virus writer to tweak and perfect his code with a new iteration. As we saw in 2003 with Sobig.f, however, it's a game of Russian roulette: there may not be another version of Sober; then again, the next version could be even worse.

I don't have any pat answers here. For every one person who has antivirus and firewall protection, there are many more who do not or who don't keep their protection software current. So long as there are unprotected computers on the Internet, there will be viruses--and now, spam. I hope that repeat offenders (there are more than 16 variations of the Sober virus alone, for example) will make it easier for law enforcement to piece together clues and ultimately arrest the individuals responsible, but so far, that hasn't happened.

How would you react if a political or religious group blasted your in-box with virus-spawned spam? Talk back to me!







© 2008 CNET Networks, Inc., a CBS Company. All rights reserved.