MX Logic Issues Threat Alert on Sober.q Mass-Mailing Worm
Sober.Q Leverages Earlier Worm Variant to Distribute Hate-Filled Spam Messages
DENVER - May 16, 2005 - MX Logic, Inc., a leading provider of innovative email defense solutions that ensure email protection and security for enterprises, service providers, government organizations, resellers and their customers, issued a threat alert on W32/Sober.Q, the latest variant of the prolific Sober worm. MX Logic first detected the Sober.N worm early in the evening of Saturday, May 14 and began blocking it immediately on behalf of its 4,100 customers worldwide. As of 10:30 a.m. MT Monday, May 16, the MX Logic Threat Center had seen over 425,000 email messages infected with the virus and reported that the worm accounted for 1 in 150 emails.
Sober.Q is a mass-mailing worm which leverages PCs infected by the W32/Sober.N worm (aka W.32/Sober.P@mm, W.32/Sober.O@mm, and W.32/Sober.S@mm) in order to send out spam messages. Sober.Q uses German and English language messages that contain URLs to websites with right-wing German nationalistic content. One of the URLs points to the home page of Germany's right-wing National Democratic Party (NPD).
"Spam has been traditionally regarded as annoying messages that promote Viagra, porn and low cost mortgages," said Scott Chasin, CTO, MX Logic. "But for the past year we have seen a trend in which worm authors are using spam not to hawk goods, but as a tool for political propaganda."
The spread of the hate mail spam messages coincides with ongoing celebrations in Germany commemorating the 60th anniversary of the end of World War II in Europe. Examples of Sober.Q subject lines include:
Multi-Kulturell = Multi-Kriminell (Multi-culturally = multi-criminally)
Dresden 1945
The Whore Lived Like a German
Du wirst zum Sklaven gemacht!!! (You are made slaves!!!)
Blutige Selbstjustiz (Bloody Self Law)
4,8 Mill. Osteuropaeer durch Fischer-Volmer Erlass (4.8 Mill. East European from Fischer Volmer decree)
Armenian Genocide Plagues Ankara 90 Years On
In June 2004, MX Logic reported the first use of a spambot network to disseminate purely political spam. The June 2004 outbreak was also the result of a Sober variant (Sober.H). Spambots harvest email addresses from the Internet in order to build mailing lists for sending spam. A spambot can gather e-mail addresses from Web sites, newsgroups, special-interest group (SIG) postings, and chat-room conversations.
Sober.Q Leverages Sober.N Proliferation to Send out Spam
Sober.Q is being downloaded by computers that were infected by Sober.N. The Sober.N mass-mailing worm first appeared on May 2 and tricked recipients into thinking they had won tickets to the 2006 World Cup Soccer tournament. During the height of the Sober.N outbreak, MX Logic reported that 1 in 7 email messages it processed were infected with the worm and it accounted for 88 percent of all virus-infected email traffic through the MX Logic Threat Center. However, unlike its predecessor, Sober.Q only spreads the German hate spam messages and does not replicate itself, as Sober.N did.
"Sober.Q appears to be downloaded by machines infected by Sober.N," said Chasin. "If this is the case, the Sober.N author or authors could have remote command-and-control capabilities over a large network of infected machines. This network would provide not only a megaphone to distribute messages of hate, but a platform for future spam, worm and denial of service attacks."
MX Logic Multi-Layered, Managed Protection Against Email Viruses and Worms
MX Logic provides multi-layered, fully managed virus protection that delivers optimum protection from worms and viruses at the Internet level, before they can enter and damage a customer's corporate messaging infrastructure. MX Logic email defense solutions leverage the virus-detection power of three leading anti-virus engines (Authentium®, McAfee® and Sophos®), which are updated every five minutes to ensure the most current virus and worm protection.
In addition to third-party anti-virus engines, MX Logic email defense solutions incorporate the company's proprietary worm-detection technology, which uses sophisticated content behavior analysis to rapidly identify and intercept zero-hour threats: threats that appear before an anti-virus signature is developed to detect them.
MX Logic's multi-layered virus and worm protection frees internal corporate IT resources from managing timely signature updates by shifting the burden of threat management away from the enterprise to MX Logic. MX Logic email defense solutions also allow IT administrators the ability to respond to infected email by choosing to have viruses stripped from incoming email, quarantining infected messages for review, or blocking infected email outright.
About MX Logic
MX Logic, Inc., provides innovative email defense solutions that ensure email protection and security for businesses, service providers, government organizations, and resellers and their customers. The company's feature-rich solution suite is the industry's most comprehensive, flexible and easy to use.
Founded by messaging industry pioneers, MX Logic has delivered numerous industry firsts to the enterprise spam market, including becoming the first managed service provider to: leverage Bayesian Statistical Classification; provide spam beacon ("Web bug") blocking; offer quarantine management via email; provide corporate-level quarantine release reports that help reduce inappropriate email while decreasing corporate liability; and deliver a solution for tracking URL click-throughs from email to the Web, providing increased corporate control and security.
MX Logic processes billions of messages each month for over 4,100 organizations worldwide including EnCana, Hyundai Motor America, ServiceMaster, The Sports Authority, Verio Inc., and YMCA. In addition, MX Logic is the only email defense company to offer both a managed service, which includes Symantec Brightmail AntiSpam™, and a turnkey, carrier-grade software solution for service providers. For more information, visit www.mxlogic.com.