A new variant of the Sober worm, which appears to have originated in Germany, has spread to France, the UK and the US in a matter of hours and is now attacking computers in Europe and the US. This mass-mailing worm, which spreads itself via e-mail using contacts listed in the address books of computers it infects, may have been created by the same hacker that wrote the first version of the Sober worm.
W32.Sober-K-mm spreads itself as an e-mail attachment and creates random subject lines and body texts in either English or German, depending on the e-mail addresses it gathers. Subject lines observed so far include "Alert! New Sober worm," "Paris Hilton Sex Videos," "You visit illegal websites" and "Your new Password," according to MessageLabs..
The worm can also generate fake messages that try to fool the recipient into opening the attached .zip file. Some e-mails purport to be from an anti-virus company offering a security patch against a new version of the Sober worm. Others pretend to be from the FBI and include an attachment labelled "indictment."