Do you recall the most infamous Internet worm of 2005 – Sober.x? If you don’t, please refresh your memory. Sober.x caused last year’s largest epidemic, which vast scale surprised analysts and virus researches. The infection rate reached the top in late November, 2005, right before the Thanksgiving holiday. Thousands of users around the world were hit by the parasite. Shortly after, thanks to quick reaction of antivirus companies and security experts, the worm ceased spreading, only to return tomorrow.
On January 6, 2006 systems, which are still infected with the worm will contact predefined web servers in order to download new malicious code. This code most probably will be a dangerous file carrying yet unknown payload. According to some IT security experts, a new payload might be much more devastating compared to the initial one carried by Sober.x.
However, security companies F-Secure, Websense and MessageLabs all agreed that tomorrow’s Sober attack should not cause many problems, because most malicious web sites intended to host the dangerous code are already down. Nevertheless, even if this will prove out, the worm will not die. After fourteen days, on January 20, 2006, Sober.x will make another attempt to download malicious code from additional web servers.
Although Sober.x doesn’t spread today, there are still many computers infected with this parasite. All the users are encouraged to check their systems immediately. Almost every modern antivirus equipped with the most recent malware definitions database is able to detect and remove the worm. The latest release of Microsoft’s Malicious Software Removal Tool can also get rid of Sober.x and other worm’s variants. The software giant asks users who believe they are infected to visit Windows Live Safety Center and take a free online scan.