On Sun, May 15, 2005 at 10:59:12AM -0500, Steven Stern wrote:
I received about 500 on the webmaster account.
Now we know what "sober" was all about.
I see *no* connection to any Virus or Trojan!
I got about 200 of them into a few accounts and seemingly I'm receiving more every few minutes.
BUT I do *not* think it is more than 'Propaganda'! It mostly is just one URL of a genuine Article of a german Newspaper (only the 'collection' of Articles and tendency of subject making it 'political').
No attachments seem to be sent and our Mail-filter would have 'eaten' anyway all the current Sober-Viruses/Variants. (I'm pretty sure about that, I'm its admin)
Stucki (postmaster at math/inf/mi.fu-berlin.de)
Look at your AV logs of those sending sober.p and look at the connections sending the german political spam. you will start to see a connection. In fact I'm going through my logs right now finding the hosts which sent sober.p and starting to block those because they so far seem to be the main ones sending the political spam
