The latest variant of the Sober worm is aiming for the top virus of the year spot, with a staggering one in 14 e-mails circulated on the Internet containing it as of Monday morning, according to the antivirus vendor Sophos.
Around 85 percent of all viruses reported to Sophos are what the company calls Sober-Z, up from around 60 percent last week, said Graham Cluley, senior technology consultant. Right now, Sober-Z ranks as the third most prevalent virus for the year, behind Netsky-P in first and Zafi-D as No. 2, he said.
"It isn't slowing down," Cluley said. "At the moment, it's getting worse."
It first appeared around Nov. 22 using several forms of social engineering to trick users into executing the attachment. Messages purporting to be from the U.S. Federal Bureau of Investigation warn recipients that they have been visiting illegal Web sites and ask them to read a list of attached questions.
Other versions pretend to be from the U.S. Central Intelligence Agency or offer video clips of Paris Hilton and Nicole Richie from the TV show "The Simple Life." While most antivirus vendors have updates that can remove the worm, the "clever" social engineering ploys are still effective, Cluley said.
"I think the problem is there are some people who simply don't have protected computers and are spewing this out to other people," he said.
The worm, which is believed to have originated in Germany, scans hard drives for e-mail addresses and also tries to shut off security software, according to Sophos.