Sober worm still swamping email systems

The Sober.P worm is still spreading fast and now makes up 4.65 percent of all emails, according to the latest results from a UK antivirus company on Friday morning.

Sophos said that the worm currently accounts for around 77 percent of all virus activity the company is seeing and is still spreading even though big businesses appear to have patched the vulnerabilities the virus exploits to propagate.

"It's lingering around like a nasty smell and spreading in big numbers," said Graham Cluley, senior technology consultant for Sophos. "It's still at the same level, in that it's 4.65 percent of all email out there. We can't be sure how many people it's infecting, but we think most big business will be protected."

Sophos reported earlier this week that Sober.P appears to turn off Symantec's antivirus protection and the Windows XP firewall, probably as a way of preparing computers to distribute spam and to spread itself wider. "That's probably why it has become widespread so quickly," Cluley said. "[Virus writers] used spam technology to send it out. Now it's just perpetuating."

Sober.P — which security companies have variously tagged as Sober.N, Sober.O or Sober.S — travels as an attachment in emails written in English and German. One of the most widely reported emails contains an alluring message stating that the recipient has won free tickets to the 2006 World Cup in Germany, but many other types have also been spotted. Once opened, the virus sends itself to email addresses harvested from the infected machine.