Page last updated on Thursday, December 8 2005 at 0900 UK
The threat of so-called 'hacktivism' - using malicious software to further a political cause - is continuing to grow, according to recent reports by computer security experts.
The warning comes following the latest outbreak of the infamous Sober worm, a mass-mailing virus which arrives on a user's PC as an e-mail attachment and spreads by quietly copying itself to contacts stored in the user's address book.
The modus operandi of the Sober worm is nothing new but the scale of infection is much greater than for previous threats of a similar nature. In a sinister twist, experts believe that the worst is yet to come after reverse-engineering of the viral code suggested that it will automatically download additional software onto infected PCs on January 5th 2006. The nature of the download is unknown but this date marks the anniversary of the founding of the Nazi party and the eve of a major German political convention.
It seems that few companies are immune to the effects of virus propagation. Last month, the United States Federal Bureau of Investigation (FBI) warned users not to open an attachment in an e-mail purportedly coming from the agency. The attachment in question was, in fact, the Sober.z worm ready to infect computers and deliver its payload.
This is the second such instance of the FBI becoming the target of a Sober attack. In February, the Sober.k worm used the same method as its descendant to distribute viral code. In this case, e-mails claimed that the FBI had tracked user visits to illegal Web sites and requested they open the attached file.
Like other worms, Sober.z is designed to disable the security software that could prevent its spread. It then scans the user's PC for e-mail addresses, delivers a copy of itself to those addresses and then hides code on the user's computer.
Its pervasiveness has led many security vendors to put Sober.z at the top of their threat rankings for this month but, despite its apparent durability, the spread of the worm can be halted and its viral code removed from users' PCs.
"The Sober family may seem as hard to exterminate as a colony of cockroaches, but they can be stopped from infesting a network if users remain vigilant when facing unsolicited emails," said Carole Theriault, spokeswoman for the security vendor Sophos.
Anti-virus vendors have released tools to detect and combat the latest Sober variants and recommend users update their software to remove the threat. In the meantime, extensive efforts are being made across the e-security industry to shut down servers which could be used to distribute the additional code on January 5th.
by Thomas Moore, TKM's Director of Computer Forensics
Take a look at the profile of the Sober virus by Symantec and McAfee.