New Sober virus floods mailboxes

By Damian Clarkson, ITWeb junior journalist
Johannesburg, 04 May 2005

A new variant of the Sober worm is mass-mailing itself across the world and has raced to the top of most virus charts.

The worm - labelled Sober.o or Sober.n - first surfaced sometime on Monday, and has proved extremely widespread, accounting for up to 70% of all international e-mail traffic, says Brett Myroff, CEO of local Sophos distributor Netxactics.

"It is spreading rapidly and serves as the usual wake-up call. There's complacency and then we get whacked."

Symantec AntiSpam Africa GM Philip Arnold says it scans around 500 000 e-mails per hour locally, more than half of which are Sober variants.

The variant uses its own SMTP engine to proliferate via e-mail and create outgoing messages from a spoofed sender's address that may use the words "admin", "info", "postmaster" and "Web master".

NOD32 SA CEO Justin Stanford says infected messages can arrive in both English and German, and feature a wide array of subject lines, including "your password", "registration confirmation", "your e-mail was blocked" and "mailing error".

"Once the attachment is executed, Sober harvests e-mail addresses from local files and uses the addresses to send itself out to other computers, and also attempts to delete various files on the system," says Stanford.

Once a computer is infected, the virus locks the files in the system's memory so they cannot be easily detected or removed by anti-virus products, he adds.

The world cup of scams

The latest variant also contains an element of social engineering. When sent in German, it can also appear as an e-mail from FIFA - the international football association - saying the recipient has won free tickets for the 2006 football World Cup in Germany, says Myroff.

"Many people will be eager to attend one of the biggest sporting events in the world next year, and may think it's worth the risk of opening the e-mail attachment just in case the prize is for real."

The latest variant is noteworthy in that a higher percentage of messages appear to be sent from private e-mail addresses. Myroff says this can be attributed to the fact that companies are becoming more vigilant in protecting themselves from virus attacks, while many private users remain vulnerable.
