The latest variant of the Sober worm is aiming for the top virus of the year spot, with a staggering one in 14 emails containing it, according to the antivirus vendor Sophos.
Around 85% of all viruses reported to Sophos are what the company calls Sober-Z, up from around 60% two weeks ago, says Graham Cluley, senior technology consultant. Right now, Sober-Z ranks as the third most prevalent virus for the year, behind Netsky-P in first position and Zafi-D in number two position, he says.
It first appeared around November 22, using several forms of social engineering to trick users into executing the attachment. Messages purporting to be from the US Federal Bureau of Investigation warn recipients that they have been visiting illegal websites and ask them to read a list of attached questions.
Other versions pretend to be from the US Central Intelligence Agency or offer video clips of Paris Hilton and Nicole Richie from the TV show The Simple Life. While most antivirus vendors have updates that can remove the worm, the “clever” social engineering ploys are still effective, Cluley says.
“I think the problem is there are some people who simply don’t have protected computers and are spewing this out to other people,” he says.
The worm, which is believed to have originated in Germany, scans hard drives for email addresses and also tries to shut off security software, according to Sophos.