According to Sophos, the Sober mutant now accounts for a staggering one in 17 of all emails travelling across the internet. The Sober-Z worm sends itself as an email attachment and attempts to turn off security software on the user's computer.
This data was corroborated by secure email firm Email Systems, which reports that, since the virus first struck at approximately 2 p.m. EST last Monday, the amount of viruses being sent per hour has approximately tripled. The company believes that the severity of the outbreak indicates that this particular strain of Sober virus has been written to rapidly exploit the so-called 'zero hour' holes in anti-virus security software.
The worm lures innocent computer users into opening its infected attachments using a variety of tricks that include posing as an FBI or CIA agent with attached questions to be answered, and a phoney offer of Paris Hilton and Nicole Richie video clips from "The Simple Life." Instead, in the case of every Sober-Z attachment, the zip file contains a copy of the worm with the filename "File-packed_dataInfo.exe". The worm then scans the user's hard drive for email addresses, in its search for other computers to infect.
A typical email message sent by the worm takes the following form:-
"From: (Harvested address)
Subject: hi, ive a new mail address
hey its me, my old address dont work at time. i dont know why?!
in the last days ive got some mails. i' think thaz your mails but im
plz read and check ...
"The sheer rate at which this worm is spreading proves that the devious tricks used by the worm's creator are working," said Graham Cluley, senior technology consultant at Sophos.
"This should be a wake up call to businesses across the globe as to the major level of threat that viruses pose to IT security. It's absolutely imperative that all organisations defend their networks from such attacks with a consolidated solution."
Neil Hammerton, CEO of Email Systems, added: "This is one of the worst viruses to strike in some time, spreading extremely rapidly. Although AV updates are actually now available from the major software vendors, it seems as though this particular variant managed to quickly grab a sufficiently large foothold to continue to propagate once the fixes were unveiled."