• silicon.com
• Technology
• Security

By Joris Evers, 8 December 2005 14:35

NEWS

A new outbreak of Sober may be coming, security experts have warned, even as email systems worldwide work to get rid of the last infestation of the mass-mailing worm.

The next attack is hard-coded in the version of Sober that hit the net on 22 November, iDefense, part of VeriSign, said in a statement on Wednesday. Infected machines are set to download instructions and potentially mail out a new wave of Sober emails on 5 January, the security company said.

That leaves internet users with less than a month to shore up their defences against Sober, which was the most prolific worm in 2005, security experts at iDefense said.

iDefense said: "The attack could have a significant detrimental effect on internet traffic, as email servers are flooded."

The possible outbreak could be stopped, said Mikko Hypponen, chief research officer at Finnish antivirus company F-Secure. The worm is set to download instructions from a number of sites hosted on the systems of free web space providers. These are located mostly in Austria and Germany, he said.

Hypponen added: "These free website hosters should be able to block those specific URLs this virus is trying to download from in January, so with any luck nothing will happen. There is plenty of time for the internet service providers and the antivirus people to act."

The latest Sober variant is still causing headaches for email users. Microsoft last week said the load of infected messages is causing an unspecified delay for mail sent to its Hotmail and MSN email services. Sober accounted for almost 40 per cent of all the viruses stopped by F-Secure on Wednesday, Hypponen said.

The Sober family of mass-mailing worms appears to be the work of a German speaker or group of German speakers, iDefense said. Nearly 30 variants of the worm have surfaced since October 2003, the company said.

Sober arrives as an email with a malicious attachment. The text of the email can vary and can be either in German or English. Some Sober emails have included Nazi propaganda, while others posed as messages from the CIA, the FBI and the UK's National High-Tech Crime Unit.

iDefense believes a 5 January attack may be spreading more Nazi propaganda. The date coincides with the 87th anniversary of the founding of the Nazi party.

Joris Evers writes for CNET News.com