Subscribe
About

German spam invades SA

By Damian Clarkson, ITWeb junior journalist
Johannesburg, 16 May 2005

South African inboxes have been flooded by massive amounts of German e-mail, believed to be the result of a Sober variant outbreak.

The variant is unlikely to cause any harm to a user's PC, but is causing headaches by consuming high levels of bandwidth, says Symantec Africa regional manager Patrick Evans.

"We have seen over the past 36 hours that network performance and bandwidth availability have been severely compromised in SA due to the traffic caused by the mass mailing of this worm."

Many local organisations are experiencing maximum bandwidth utilisation, compared to levels of 5% capacity seen on an average Sunday, says Evans. "This means that most corporate servers will experience difficulty in managing regular volumes of e-mail in addition to increased spam levels on Monday, 16 May."

The spam outbreak was timed to go off simultaneously around the world at 2am South African time, says Evans. "It seems to have taken up a high level of local SMTP bandwidth, up to 90% at times."

Local spam levels have been up to six times higher than usual at times, adds Evans. Spam levels are likely to drop off by the end of today.

An interesting aspect of the outbreak is the fact that many of the top addresses sending out the spam are local, says Evans. "Looking at the top 50, 36 are local addresses, and it is a similar story around the globe. For example, in Australia you will find that many of the top addresses are Australian. This is something we have never seen before."

Symantec partner AntiSpam Africa attributes this to a large number of South African PCs, infected with Trojan Horses and potentially part of a nationwide bot network, sending spam via local enterprise and corporate domain servers. Traditionally, SA receives spam from various international sources making this a unique threat, as local domains are the source.

The fact that most of the spam arrives with German or German-related subject lines does not mean Germany is becoming a key player in sending spam, says BitDefender Romania technical support engineer Robert Panduru.

He believes a German office or partner was recently infected with a mass mailer, which started to send out e-mails to all the people whose e-mail addresses were stored on the infected computers.

Share