A Weblog About Topics and Issues Discussed in the Book Spam Kings by Brian McWilliams

« Acne spammers get AOL blacklisted | Main | Spammer domains up for auction »

May 17, 2005

Spammer.Readme

The various news reports on Sober-Q have fixated on the propagandistic, neo-Nazi messages it generates . But I think there's a funny aspect of the worm that's escaped the media's attention -- maybe because it's too much of an inside joke.

Both Kaspersky and Sophos (and maybe other anti-virus firms) have noted that Sober-Q places a small text file, spammer.readme.txt, on the hard drive of infected hosts. It contains the following text:

http://i-newswire.com/pr19707.html http://www.ebcvg.com/press.php?id=965
Ich bin immer noch kein Spammer! Aber sollte vielleicht einer werden :)
In diesem Sinne

The two hyperlinks are to separate copies of a May 2005 press release from FrontBridge Technologies, a California e-mail management firm. The FrontBrige PR warned that computers infected by a precursor, Sober-S, were "being transformed into spambots."

The stuff in German, apparently from the worm's author, translates to, "I am still not a spammer! But perhaps I should become one. In this sense."

I'm not quite sure how to interpret the file's contents. It could be Sober-Q's author telling commercial spammers that his collection of infected PCs is not available for rent as spam proxies.

Then again, he could just be taking a swipe at FrontBridge for trying to create FUD (fear, uncertainty, and doubt). After all, I'm not aware of any evidence that computers infected with Sober-S (or any of the earlier variants of Sober) have been used as spam proxies. To my knowledge, the only "spam" (and I'm using the term loosely) that's emanated from them is the neo-Nazi stuff of the past few days.

Either way, Spammer.Readme.txt seems to fly in the face of all the worries that mercenary virus writers are collaborating with spammers and frenetically releasing worms designed to generate revenue as spam proxies.

Posted by brian at May 17, 2005 10:44 PM

Comments

Gosh. I don't know what I find worse: virus writers selling zombies or Nazis writing viruses.

There's another funny aspect about those Nazi mails, by the way. Altough those idiots want all foreigners removed from Germany and they preach German this and German that, they aren't able to correctly spell in German. Their spam mails are full of spelling errors. Not typos, but actually errors that tell me that they have no clue about German spelling. Quite ironic, I think.

Posted by: Manni at May 18, 2005 5:06 AM

As I read the German text, I reach a very different conclusion from yours. It appears to be targeted squarely at the spammers: "Look what I can do; would you like me to do it for you ?".

Posted by: Paul at July 1, 2005 1:22 PM

 

Weblog authors are solely responsible for the content and accuracy of their weblogs, including opinions they express,
and O’Reilly Media, Inc., disclaims any and all liability for that content, its accuracy, and opinions it may contain.

All trademarks and registered trademarks appearing on spamkings.oreilly.com are the property of their respective owners.

O'Reilly Home | Privacy Policy

© 2004 O'Reilly Media, Inc.
For assistance with this site, email: