florian schneider on Sat, 21 May 2005 11:22:01 +0200 (CEST)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> neonazis go spam

from: susanne lang <slang@kein.org>
published at: http://idash.org/


Since the weekend May 14th/15th, many internet users had to notice their
inboxes were flooded with some rather unusual spam, carrying neofascist
propaganda. Most of these spam mails are containing one or several links
to web sites of the NPD, Germany's major radical right wing party, even
though some mails also link to articles by the mainstream press, such as
Der Spiegel, FAZ or Heise Online. The headers of the spam mails are
forged, so one should not assume the sender of the spam mail to be
related to the email adresses that appears - bounces show that many
explicitely anti-racist or anti-fascist domain names have been forged in
order to send out neonazi spam.

Right now there are 72 different variations of the neonazi spam - in
German and in English, as reported at GrabaGeek
<http://www.grabageek.net/modules/news/article.php?storyid=487> many
being related to the 60th anniversary of the end of World War II in
Europe. Another suspected reason for the spamming may be the elections
Northrhine-Westfalia that are happening on Sunday. The worm's author is
most likely a neofascist sympathizer and doesn't consider himself as a
spammer, but is motivated by ideology instead, as pointed out in this
article at Reuters

As Heise <http://www.heise.de/english/newsticker/news/59588> reports,
the e-mails are sent via computers infected with a bias containing a
backdoor. Apparently, this seems to be the 15th version of a virus
called "Sober" - now being active in version "Sober.Q" and "Sober.P".
This virus has emerged in 2003 and became known lately in hiding in spam
messages, promising soccer World Cup tickets and delivering the virus

In general the virus is not damaging your computer, but seriously
consuming bandwith and continously updating itself. After having
infected a computer, the virus is contacting webservers and loading new
programms, sending out emails with different messages, such as
neofascist Propaganda, or even trying to take down certain websites,
through Denial-of-Service-Attacks (DoS). A serious damage then happens
if the virus is widespread and heavy spamming at the same time. This was
the case on Monday in South African networks, where 84% of the available
e-mail bandwith was used up by spam, as finance24.com
Nav=ns&lvl2=comp&ArticleID=2-13-1443_1706222> reported.

To get rid of the virus is actually very easy - you only need to detect
it and delete it. It is strongly suggested to update your antivirus
software as soon as possible, but before Sunday, as the virus is
expected to load new programms on Monday 23rd of May. According to
Heise.de <http://www.heise.de/newsticker/meldung/59729> it is not known
yet what will change in the behavior of the virus. It is possible that
the message of the text will change, but it is also possible that the
infected computer will be used as a bot in order to attack certain
webservers. If you need help finding antivirus support, check the
<http://www.heise.de/security/dienste/antivirus/>Anti-Virus sites of

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime@bbs.thing.net