Two new incarnations of the Sober worm are spreading in large numbers, infecting home and business PCs around the globe.
Infections from the latest W32/Sober-N and W32/Sober.P worms began late Monday and have been bombarding machines with e-mails generated internally by the worms.
Sophos said the Sober-N worm accounts for about 70 percent of all the virus reports the company has received since yesterday. The worm arrives in an e-mail and is activated only when the enclosed file attachment is clicked on. It then searches the infected computer for all e-mail addresses and sends a copy of itself to each one. The e-mails keep going out until the worm is eradicated.
The fake e-mail says that someone has obtained account and password information for an unnamed account and tells the user to click on the attached file to find out what information has allegedly been stolen. In German-speaking countries, it says someone has won tickets to the upcoming 2006 Soccer World Cup events. The attached files are named mail_info.zip, account_info.zip or our_secret.zip and sometimes also include the word "error" in the file name.
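A mail-gateway style check for the attachment names listed above, as an added example (not from the article or from any vendor's tooling). The function names, the constructed sample message, and the rule that "error" may appear anywhere in the file name are assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment name stems reported in the article; compared case-insensitively.
SOBER_STEMS = ("mail_info", "account_info", "our_secret")

def sober_attachment_hits(raw_message: bytes):
    """Return [(filename, has_error_word)] for attachments matching the reported names."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # policy.default also decodes RFC 2231 encoded names
        if not name:
            continue
        # Drop any path component a sender may have put in the header.
        base = re.split(r"[\\/]", name)[-1].strip().lower()
        if not base.endswith(".zip"):
            continue
        stem = base[:-4]
        # Assumption: the article does not say where "error" appears in the
        # name, so any zip whose stem contains a reported stem is a match.
        if any(s in stem for s in SOBER_STEMS):
            hits.append((base, "error" in stem))
    return hits

def build_sample(filename: str) -> bytes:
    """Constructed test message; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("constructed body text")
    m.add_attachment(b"placeholder, not a real archive",
                     maintype="application", subtype="zip", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fn in ("Account_Info.zip", "mail_info_error.zip", "report.zip"):
        print(fn, "->", sober_attachment_hits(build_sample(fn)))
```

A filename match is only a triage signal for quarantine or review; removal still relies on the vendors' updated signatures and cleanup tools.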
Sophos and other major antivirus vendors have already updated their antivirus software to prevent the worm from getting into a PC and have created tools to remove it once a machine is infected.
The first Sober worm, Sober-A, was circulated in October 2003 and has been followed by a string of variants.