Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2004-06-10 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

SPAM in German is Still SPAM

Published: 2004-06-10
Last Updated: 2004-06-11 16:09:02 UTC
by Chris Carboni (Version: 1)
0 comment(s)

German Language SPAM
The ISC has received several reports German language SPAM being received in large quantities. Analysis by the ISC's Johannes Ulrich shows the content of the samples received to be political in nature, and seem to have been generated by DSL/Cable connected systems, a possible indication that a virus or botnet is being used to propagate the SPAM.

Of note, one of the e-mails contained the phrase "Comment by the author of Sober"

Update: We captured the malware behind this. It is a version of
Sober. Right now, only one virus scanner identifies it as such. The
version we obtained uses the filename 'datacrypt.exe'.
For More Information
For more information on stopping spam and e-mail issues in general, take a look at the 'e-mail issues' section of the SANS Reading Room located at:

http://www.sans.org/rr/catindex.php?cat_id=19
Keywords:
0 comment(s)
Diary Archives