A variant of the Sober worm is using a host of different lures - including free access to Paris Hilton sex videos - to tempt users into spreading it.
The mass-mailing Sober-K worm first appeared on Monday and initially proved relatively widespread, says Brett Myroff, CEO of local Sophos distributor Netxactics.
"The W32/Sober-K worm bulk-mails itself using a variety of different subject lines including 'Paris Hilton, pure!` and 'Paris Hilton SexVideos`. It can send itself in either German or English, depending on whether it believes the recipient`s e-mail address to be owned by a German- or English-speaker.
"The Sober-K worm has been the third most commonly sighted e-mail virus in the last 24 hours, accounting for over 10.2% of all reports," adds Myroff.
Users should also look out for messages pretending to be warnings of a new worm, such as "Alert! New Sober Worm!", but it is the lure of porn that is most likely to enable the worm to spread, says Sophos senior technology consultant Graham Cluley.
"It`s an old trick but sadly it still often works - disguise your worm as hardcore porn and there are likely to be some computer users who will throw common sense out of the window and launch the dangerous file," says Cluley.
"Paris Hilton is, according to some search engine companies, the most commonly searched-for female celebrity on the Internet. Interest in her is huge, so it`s no surprise that virus writers have tried to use her as bait."
The worm has also caught the FBI`s attention, as it is able to spoof addresses from the agency. According to Symantec`s Security Response site, the worm has already spoofed addresses such as OFFICER@FBI.gov and Admin@FBI.gov.
The worm is expected to taper off as more security vendors make patches available.
Related stories:
New worm carries porn warning
Sober hits hard, phishing attacks soar
Sober worm a slow starter?
Share