Sober.C Starts Spreading, Germany Most At Risk

A new Sober mass-mailed worm debuted over the weekend and is picking up steam, causing several anti-virus vendors to boost their threat ranking.

Sober.C, following hard on the heels of Sober.B, which debuted last week, has hit particularly hard in Germany, according to security firms. Packed with its own SMTP mailing engine, the worm includes a file attachment -- which can come with any of several file names -- that when opened, puts up a bogus error message on Microsoft Windows machines.

The worm harvests e-mail addresses from compromised machines and re-mails itself to propagate. These secondary e-mails can come with a variety of subject headings -- both in English and in German -- such as 'Your IP was logged' and 'Testen Sie irhen IQ.'

MessageLabs, a U.K.-based message filtering vendor, reported that over 80 percent of the Sober.C worm samples it's intercepted originated from Germany, but warned users that it may spread to other regions, including the U.S.

Network Associates raised its threat ranking of Sober.C to 'medium' on Monday in response to the spreading worm. Symantec currently tags the worm as a level '2' threat in its 1 through 5 rating system.