The new variant has been widely seeded in the early hours of this morning, and though relatively simple, its sophisticated social engineering is expected to fool many.
"It only uses two different messages, in English and German, but what makes it worse than other variants is the social engineering is really good," said Patrik Runald, senior technology consultant at Finnish anti-virus company F-Secure. "Most people will be interested in what the message has to say."
The message claims that someone else has been receiving emails from the user and wants it to stop happening. It then encourages the user to open an attachment to read the email in question. The attachment is, of course, the Sober worm.
"We believe it originates in Germany," said Runald. "The English language version is not that great, but the German version is spot on, it's already spreading there."
In February SC reported the Sober.K worm was sending out emails claiming to be from the FBI. The FBI warned users to be wary of bogus emails.