Risk: Medium
A new variant of the Sober email worm series is spreading rapidly across the net. Like previous variants, Sober-N spreads as an infected ZIP attachment to messages written in either German or English.
Infected emails pose as a message from a net user who claims to have received the intended victim's email in error in a bid to fool users into opening an attachment containing malicious code. The worm composes messages with subject lines such as "I've_got your EMail on my_account!" and "FwD: Ich bin's nochmal" with attachments such as your_text.zip (weighing in at 73KB). Sober-N only infects Windows machines.
More than 86,700 emails containing the new Sober-N were sent to UK businesses in the first few hours of the worm's existence, according to email security company BlackSpider Technologies. Most anti-virus vendors rate Sober as a medium-risk worm. Sober-N is the fourteenth incarnation of the worm, which was first seen in October 2003.
Standard defence precautions against viral attacks apply in defending against Sober-N: corporates should consider blocking executables at the gateway and update anti-virus signature definition files to detect the virus. Home users should also update anti-virus tools and resist the temptation to open suspicious-looking emails.