Threat From Sober Variant Grows:
"A variant of the Sober mass-mailing worm appears to be gaining more traction as leading security vendors increase their threat levels.

Increasing prevalence of the W32/Sober.C worm prompted Network Associates Inc. on Sunday to raise its risk assessment to medium from low. Sober.C is most active in Germany, where e-mail security vendor MessageLabs Inc. said 83 percent of samples had originated."

Other security vendors all have rated Sober.C's threat as low or medium. F-Secure Corp. tagged it a medium threat, ranking it a level 2 threat out of three. Symantec Corp. rated it as a level 2 threat out of five, or a low threat. MessageLabs also consider the risk "low," while saying that it has intercepted a "significant number of copies" of the worm.

Sober.C first appeared on Saturday, and New York-based MessageLabs reported its highest number of interceptions of the worm on Sunday.

Sober.C, once activated, e-mails itself to a user's Microsoft Outlook address book and sends outgoing messages through its own SMTP engine, said Network Associates, of Santa Clara, Calif. Along with e-mail, Sober.C can spread through peer-to-peer filing sharing networks.…

Sober.C, written in Visual Basic, can infect systems running Windows 2000, Windows 95, Windows 98, Windows NT and Windows Server 2003.

http://www.eweek.com/article2/0,4149,1420314,00.asp