Virulent worm spreading across the web


Thursday, May 5th, 2005

Sober variant affecting one in every 22 e-mails

Gillian Shaw
Sun

A virulent worm is spreading across the Internet, showing up Wednesday in one of every 22 e-mails being sent.

The epidemic, the largest this year, is caused by the latest variant of the Sober virus, which is accounting for almost 80 per cent of all the viruses online.

Thought to originate in Europe, it is spreading in both German and English, tricking e-mail users into triggering it with such promises as free World Cup soccer tickets or purporting to contain registration and other information that appears to be legitimate.

Once opened, the virus spreads by sending itself to all the e-mail addresses contained on the infected computer.

“It’s an epidemic,” said Ryan Purita, a senior security consultant with Vancouver’s Totally Connected Security Ltd. “It’s a big problem.

“It is definitely the one that is making the most waves. I haven’t seen anything remotely close to it this year.”

Purita said the virus, which has its own e-mail engine, doesn’t rely on a user’s address book to propagate itself, but simply scours the hard drive for any e-mail addresses.

It also targets certain files for deletion, including the live update function on Symantec’s anti-virus software.

Despite its prevalence, Vincent Weafer, senior director of development at Symantec Security Response, said the virus is already being locked out of corporate mail systems.

“It’s in the e-mail traffic but we are not seeing it go through to the end point,” he said. “It’s out there, it is spreading, but we’re not seeing the end point infections that we would see with other infections.”

Experts at Sophos, the Internet security company, said the worm has spread to more than 40 countries, and shows no signs of slowing. By Wednesday, it was accounting for 4.5 per cent of all e-mail traffic on the Internet.

“Sober doesn’t do anything new, with the exception that it is a bilingual virus,” said Chris Kraft, senior security analyst with Sophos in Vancouver. “It will try and tailor a specific message to the German-speaking countries and the non-German-speaking countries.”

That means that while a subject line offering free World Cup tickets is most prevalent in Europe, infected e-mails here contain such lines as “registration information,” pretending to be from an e-mail service, or “your e-mail was blocked,” a line that convinces many people to open the attachment.

“Once people open that attachment they are infected,” said Kraft.

Kraft said the sheer volume of the virus-infected e-mails could cause problems. “It raises the mail volume and it may take a mail server down if the volumes are too high,” he said.

This worm is particularly adept at disguising itself as a legitimate e-mail, prompting many users to inadvertently trigger it by opening the attachment it is carried in. Security experts say the best defence against this attack is anti-virus software that is kept up to date.

SOBER THOUGHTS:

Sober, an Internet worm virus, by Wednesday had spread to 40 countries, accounting for 4.5% of all e-mail traffic.

– Sober spreads by scouring hard drives for e-mail addresses.

– Infected messages can arrive in both English and German, and feature a wide array of subject lines, including “your password,” “registration confirmation,” “your e-mail was blocked” and “mailing error.”

– It can also appear as an e-mail from FIFA, the international football association, saying the recipient has won free tickets for the 2006 football World Cup in Germany.

© The Vancouver Sun 2005


