Distribution method of new worm may mean that Sober authors have remote control over thousands of PCs.
Security companies are warning that they received hundreds of thousands of e-mails generated by Sober.Q in its first 24 hours.
Sober is usually a mass-mailing worm that sends a copy of itself to e-mail addresses stored on an infected computer's hard drive. However, during the same week that Germany and Europe celebrated the 60th anniversary of the end of World War II, the latest variant's sole purpose seemed to be to distribute hate mail.
Scott Chasin, chief technology officer at e-mail security specialist MX Logic, said the latest variant of Sober was being uploaded to computers infected by previous variants of Sober, which means the virus authors may have remote control over thousands of PCs.
"Sober.Q appears to be downloaded by machines infected by Sober.P," Chasin said. "If this is the case, the Sober.P author or authors could have remote command-and-control capabilities over a large network of infected machines. This network would provide not only a megaphone to distribute messages of hate, but a platform for future spam, worm and denial-of-service attacks."
Although spam usually tries to advertise products, Chasin said it is now also being used for spreading propaganda.
"Spam has been traditionally regarded as annoying messages that promote Viagra, porn and low-cost mortgages," Chasin said. "But for the past year, we have seen a trend in which worm authors are using spam not to hawk goods, but as a tool for political propaganda."
Last week, antivirus companies warned that the previous Sober variant, which was disguised as tickets to the Soccer World Cup in 2006, had suddenly modified its behavior and stopped propagating. The temporary lull in activity seemed to have been planned by the virus writers in preparation for this latest attack.
MX Logic's threat center has reported seeing more than 125,000 instances of the Sober.Q worm. The company categorized it as a threat with high severity.
Internet security specialist SurfControl reported seeing 1,000 spam e-mails within hours of the initial outbreak. That's about 40 times the usual number, according to the company.