A new outbreak of Sober may be coming, security experts have warned, even as e-mail systems worldwide work to get rid of the last infestation of the mass-mailing worm.

The next attack is hard-coded in the version of Sober that hit the Net on Nov. 22, iDefense, part of VeriSign, said in a statement Wednesday. Infected machines are set to download instructions and potentially mail out a new wave of Sober e-mails on Jan. 5, the security company said.

That leaves Internet users with less than a month to shore up their defenses against Sober, which was the most prolific worm in 2005, security experts at iDefense said.

"The attack could have a significant detrimental effect on Internet traffic, as e-mail servers are flooded," iDefense said.

The possible outbreak could be stopped, said Mikko Hypponen, chief research officer at Finnish antivirus company F-Secure. The worm is set to download instructions from a number of sites hosted on the systems of free Web space providers. These are located mostly in Germany and Austria, he said.

"These free Web site hosters should be able to block those specific URLs this virus is trying to download from in January, so with any luck nothing will happen," Hypponen said. "There is plenty of time for the Internet service providers and the antivirus people to act."

The latest Sober variant is still causing headaches for e-mail users. Microsoft last week said the load of infected messages is causing an unspecified delay for mail sent to its Hotmail and MSN e-mail services. Sober accounted for almost 40 percent of all the viruses stopped by F-Secure on Wednesday, Hypponen said.

The Sober family of mass-mailing worms appears to be the work of a German speaker or group of German speakers, iDefense said. Nearly 30 variants of the worm have surfaced since October 2003, the company said.

Sober arrives as an e-mail with a malicious attachment. The text of the e-mail can vary and can be either in German or English. Some Sober e-mails have included Nazi propaganda, while others posed as messages from the FBI, the U.K.'s National High-Tech Crime Unit and the CIA.

iDefense believes a Jan. 5 attack may be spreading more Nazi propaganda. The date coincides with the 87th anniversary of the founding of the Nazi party.

http://news.zdnet.com/2100-1009_22-...tml?tag=nl.e589

Thanks for the warning Mucks!!!

Gabs xx

how do you stop yourself becoming infected?

I think it's a question of just being extremely careful in relation to what you open - I have had absolutely loads of the current ones trying to get through via email. It takes a while for the various AV companies to provide cures.

Take care!

Gabs xx

I think I might leave my PC switched off on 5th January!

(Only kidding)

Use Linux.

Ah we know there's time yet BUT will they be ready and prepared???

Does Linux make you immune then Mucks?? Is it like a Harry Potter invisibility cloak???

Gabs xx

Don't know about Mr Potter but I do have an invisible cloak ... I named it Firewall Fred.

Windows "nasties" cannot "run" on Linux ... I can house them for you and pass them on in an email, but I won't get infected. Had me jabs two weeks ago. Have a peek in the Linux forum Gabby, I have a nice thread on Linux viruses you may want to 'borrow' when you need it.

Oh, a Firewall will not protect you if you "click on an email" to open ...



Don't open any emails.