I've written before about the collusion between virus writers and spammers and how viruses can be used to broadcast spam. Now, if anyone still has doubts, I offer the latest round of Sober.p and Sober.q viruses as examples. About a week ago, e-mail in-boxes around the world started to melt down with German-language e-mail containing either long rants or links out to German-language Web sites. Was it spam? Was it a virus attack? Turns out, it was both.
The spam attack actually started a week or so before, with Sober.p making its rounds as an e-mail virus promising recipients a chance to get World Cup soccer tickets. This latest virus attack then used a bootstrap effect: computers already infected with Sober.n or Sober.p were then updated with Sober.q. Sober.q was used by someone (maybe the virus author or maybe he sold it to someone else) to broadcast spam. In this case the spam was hate mail.
Viruses that espouse varied political statements have been around for years. Often, though, they've been merely teases, with provocative subject lines or images and infected attachments. Sober demonstrates an easier way to get your message across: actually say what you want to say in the body of the e-mail, then say it often.
Most of the spam generated by Sober.q consisted of right-wing, nationalistic messages sent in advance of the German elections in North Rhine-Westphalia on May 22, 2005. The long rants discussed ethnic and economic problems facing Germany as viewed through a very narrow lens. Some e-mail messages discussed World War II. The links provided in other e-mail directed you to sites containing similarly skewed information, but in some cases, the links might have taken you instead to a virus-infected Web site, which in turn also infected your computer with Sober.q. A few of the spam links went to news articles discussing the current outbreak of the Sober virus. According to the antivirus company F-Secure, the virus writer also included a line of text within the virus that translates to "I am not a spammer, although I might become one," feebly demonstrating a sense of humor.
Make love not war
But the attack on e-mail servers worldwide wasn't funny. For residents in the United States, e-mail began hitting late in the day on Saturday, May 14, 2005, continuing steadily through Monday, May 16, 2005. At its peak, midmorning on Sunday for me, my own Outlook Inbox registered two hits every minute for nearly an hour. Fortunately, I had cleaned out my in-box on Friday, but by Sunday night, my Outlook was groaning under the weight of all the e-mail in my spam filter. More than once, I had to purge my spam filter and reboot Outlook in order to send and receive e-mail.
Imagine, though, if these messages had discussed Tony Blair's recent reelection in the United Kingdom or the current filibuster fight in the U.S. Senate. Coming into work on Monday to find that those who oppose your opinions politically had managed to shut down your e-mail service, I think, would ignite passion from even the most mild-mannered among us. What if you agreed with the messages but still found yourself without serviceable e-mail? I would think you wouldn't feel good about that either, even though you had nothing to do with the attack.
So there's this blitzkrieg of German hate mail, then nothing. As of Tuesday, May 17, 2005, Sober.q stopped spewing hate and started the upgrade process once again. The upgrade process is something that is hard-coded into the Sober virus, and it allows the virus writer to tweak and perfect his code with a new iteration. As we saw in 2003 with Sobig.f, however, it's a game of Russian roulette: there may not be another version of Sober; then again, the next version could be even worse.
I don't have any pat answers here. For every one person who has antivirus and firewall protection, there are many more who do not or who don't keep their protection software current. So long as there are unprotected computers on the Internet, there will be viruses--and now, spam. I hope that repeat offenders (there are more than 16 variations of the Sober virus alone, for example) will make it easier for law enforcement to piece together clues and ultimately arrest the individuals responsible, but so far, that hasn't happened.
How would you react if a political or religious group blasted your in-box with virus-spawned spam? Talk back to me!