Spreading well throughout the European region, a new variant of the Sober worm appeared on the Internet on Friday morning and is still going strong. The Sober.J worm arrives in an e-mail message that appears to be a returned-mail error message, telling the user that an e-mail sent earlier has bounced. An infected attachment file which generally has a .zip, .bat or .com extension is included, and the mail has a subject line that reads:

Delivery_failure_notice
Faulty_mail delivery
Mail_delivery failed

Open the attachment and you will see a fake error message saying that a portion of the WinZip software is missing. You will also infect your hard drive with two copies of the worm, which will sit in your Windows system folder and create several registry keys to ensure it will be run on startup. It will also search for e-mail addresses on the infected machine. It then begins mailing itself to all of the addresses it finds.

We recommend that you patch your system with the latest anti-virus definitions, and that you do not open attachments from any unknown or untrusted source.