Latest Sober threatens e-mail gateways

By Munir Kotadia, ZDNet Australia
23 November 2005 03:33 PM
Update: The latest Sober virus, which was first spotted over the weekend, has generated the vast majority of virus-laden e-mail traffic over the last 24 hours and could cause problems for corporate e-mail gateways, according to anti-virus firms.

This variant of Sober generates e-mails that purport to be from the CIA or FBI and tell recipients that they have been looking at illegal Web sites and should answer some questions in the e-mail's attachment. If the attachment is opened, the computer is infected and the virus sends copies of itself to any e-mail addresses found on the hard drive.

According to Allan Bell, marketing director at McAfee Australia, over the past 24 hours more than 90 percent of all virus-laden e-mails monitored by its partner Postini contained a copy of Sober.

"[Sober] was generating around 15 million out of 16.8 million [virus-infected e-mails] so about 90 percent of the traffic is this particular virus," Bell told ZDNet Australia.

Bell called the virus "prolific" because it is capable of generating large volumes of traffic, which could slow or even overload many e-mail gateways.

"When they generate a lot of traffic they themselves become a bit of a denial of service because your mail gateway needs to process, identify and then block. Just processing that stuff can slow everything down and stop good e-mails," said Bell.

UK-based antivirus firm Sophos said the virus is slightly less widespread than McAfee claims, but admitted its effect has been significant. According to Sophos, Sober accounts for more than 65 percent of all virus traffic, which means this variant is contained in around one in every 74 e-mails.

Graham Cluley, senior technology consultant at Sophos, said that the virus's clever social engineering had helped it become so widespread: "Every law-abiding citizen wants to help the police with their enquiries, and some will panic that they might be being falsely accused of visiting illegal websites and want to click on the unsolicited e-mail attachment."

McAfee this morning raised the threat level of Sober to 'medium' based on the amount of e-mail traffic it has generated.
