Achtung! Experts cry foul over German spam
A FLOOD of German spam messages which invaded local e-mail accounts was yesterday linked to a recent virus which fooled football fans into believing they would receive free tickets to next year's World Cup soccer tournament.
Computer security experts QuoVadis said their filters were now preventing much of the spam from entering, but that they had initially been confused by the nature of the message. Rather than the typical swear words or sexual phrases, the spam contained mostly right-wing propaganda.
"Most spam engines are 'tuned' to stop English-language spam, which accounts for the majority of unsolicited e-mail," explained QuoVadis' Stephen Davidson. "So when the sudden flood of German spam started, it took a while for providers to adjust their filters to take it out."
As reported by online industry newsletter eweek.com, the spam is believed to be linked to the 60th anniversary of the end of World War Two, as it includes several references in its subject lines to the 1945 bombing of Dresden and other war-related political themes.
Examples include: and .
Many of the links point to the homepage of the right-wing extremist National Democratic Party in Germany.
"I (was) inundated with reports," said Scott Fendley, an incident handler for SANS Internet Storm Centre, a group that monitors malicious internet activity.
"I think this is the biggest 'Request for Information' ever for us and certainly the busiest Sunday we have had in a while."
Mr. Davidson said that F-Secure Corp., a Finnish anti-virus vendor, had determined the bug was a new variant of the Sober mass-mailing worm first spotted in October of 2003.
Named Sober Q, this week's worm does not include executable attachments, its methods instead resembling those used in June 2004 by an earlier variant, Sober H.
"Our filters are catching a lot of it," he added. "Basically, if a computer gets infected (the virus) takes all of the addresses it finds on that computer and starts firing spam to them. The thing with Bermuda is these viruses that prey upon addresses in your address book tend to affect Bermuda disproportionately because it's a small, closed community ? most people have Bermudians in their address book. A tricky virus or a spammy virus is much more noticeable here."
He explained that the virus was first noticed about a week ago, and was fairly adept at hiding its origins.
"This virus spoofs where it comes from. You may have received it from joenorthrock when in fact it was sent from Jilltransact.bm. This particular one, I think it mixed and matched even the two (German and Bermudian) addresses ? you might have seen guntherXL.
"It was just generating all sorts of random e-mail addresses just to see how far it could go."
Businesses are being urged to adjust their e-mail filters to prevent further penetration.