[Dshield] "Your IP was logged" Spam/Virus

Wayne Beckham securityguy at dslextreme.com
Wed Nov 23 13:33:17 GMT 2005


We're getting banged on here - thousands and thousands of hits.

http://www.f-secure.com/weblog/archives/archive-112005.html#00000715

"We just took Sober.Y to a Radar Level 1 alert. Level 1 is the highest alert
we have. And this is the first Level 1 alert we've done in months.

Several millions of infected emails have been seen by internet operators
over the last hours.

One of the reasons why this email worm seems to be so successful in
spreading is that some of the messages it sends are fake warnings from FBI,
CIA or from the German Bundeskriminalamt (BKA). FBI has even put out a a
public warning on the case.

First Sober was found in October 2003, over two years ago. We believe all 25
variants of this virus have been written by the same individual, operating
from somewhere in Germany. Unlike most of the other widespread viruses
nowadays, Sober doesn't seem to have a clear financial motive behind it.

Some Sober variants have displayed neo-nazi messages, but the latest version
of the virus does not do this. However, all Sober variants send German
messages to German email addresses and English messages to other addresses.

The numbers we're now seeing with Sober.Y are just huge. This is the largest
email worm outbreak of the year - so far!"




More information about the list mailing list