The latest incarnation of the Sober worm is inundating inboxes in some countries with an enticement to win tickets to the World Cup soccer tournament in Germany. The email message that carries worm (known as Sober.N, Sober.O, Sober.P, and Sober.S, depending on which anti-virus vendor database you check) could also arrive with several other message subjects and message body content.
In all cases the message includes a file which contains the worm. The message also includes a few lines of text that are spoofed to appear as though they come from an anti-virus scanner which claims that the message is virus-free. The self-propagating worm harvests email addresses from a long list of a file types, uses it's own SMTP engine to send copies of itself, attempts to disable Windows Firewall on Windows XP systems, and might delete several files on an affected system based on pattern matching of file names.
Stephen Canale of email sevice provider OnlyMyEmail.com said the spread of the worm represents a 646 percent increase in malware traffic to the company's servers. Canale said that prior to the release of the new Sober worm malware accounted for an average of 0.5 percent of all email traffic---none of which reaches customer inboxes due to the company's mail filtering technology.
Because of the way the latest Sober worm is designed some anti-virus solutions already offered protection against infection before the worm was released. Even so, it's a probably wise idea to download copies of the latest signature files from your anti-virus vendor of choice.
Incidentally, anti-virus vendor Central Command said that May 4 is the five year anniversay of the release of the Love Letter worm. You might remember that the worm arrived via email with a message subject of "ILOVEYOU" where the email message carried a malicious Visual Basic script. The worm was responsible for a tremendous amount of damage as it erased files on infected systems around the world.