The recent Sober.AH epidemic could form part of an orchestrated neo-Nazi strategy to saturate mailboxes worldwide with pro-Nazi spam, security experts have warned.
According to analysis of the worm's code conducted by PandaLabs, this malware is designed to connect to numerous servers between Jan. 5 and 6, 2006, the anniversary of the German Nazi Party's formation.
This could enable it, among other actions, to download a malicious file which could turn computers infected by Sober.AH into zombies, spreading "political" spam.
The theory behind this possible attack is thought to be based on events associated with previous versions of Sober. In June 2004, Sober.H sent emails to thousands of users – mainly German and Dutch – with content such as "what Germany needs is German children," or other racist messages. This attack was related to the following day's elections for the European Parliament.
"We are seeing an increasing number of attacks related to so-called 'hacktivism,' that is, cybercrime with a political slant," said Luis Corrons, director of PandaLabs. "Bear in mind that IT has become a key resource in society and so these kinds of large-scale attacks do not just make waves in the media but can also, depending on the seriousness, have grave consequences at all levels."
Corrons warned that there could still be a "considerable number" of computers infected by Sober.AH. This worm, towards the end of November 2005, caused an Orange Virus Alert due to the number of incidents reported around the world. Even today, it is still one of the viruses most frequently detected by Panda ActiveScan, which underlines the fact that it is still widely distributed.
To prevent a possible attack from Sober.AH, Corrons stressed that it must be removed from all infected computers. People should be suspicious, especially where computers lack sufficient antivirus protection or where the protection is not up to date.
"Remember that Sober.AH caused the most serious epidemic in 2005, and so many computers could have been affected without users realizing it. Such computers will be the ones that carry out a possible attack in January. A computer connected to the internet could become the source of malicious code for other users if adequate measures are not taken," said Corrons.