Internetrix servers have experienced a massive surge in virus email traffic over the last week, predominantly as a result of the new Sober virus. This virus has increased our daily mail volumes by more than 50%, resulting in more than 120,000 mail messages last weekend alone (when the mail servers are normally a lot quieter). As a result, we're a bit worried that a lot of our clients are infected, so we've included some information below on the Sober worm responsible for all this carnage.
One of the problems with the Sober virus is that it is almost impossible to advise people that they are infected. The virus (more accurately known as a worm), which spreads predominantly via email, fakes its return address, which makes it very difficult to let people who have been infected know. It gets its addresses by searching through all manner of files on the infected machine, and any time it finds an email address, it sends a copy of itself to the hapless victim using its own mail server – that way, you can't tell that it is running, and you won't find evidence of the messages in your "Sent Items" folder.
The other major problem is that this virus is quite cleverly written. By pretending to come from a source of authority, and telling users they will find their password or other important information, it encourages people to open the attachment (which looks like a ZIP file). In a final attempt to trick people, the virus includes a line at the bottom of the message promising the message has been scanned by an anti-virus program, and is certified as clean. We believe it is this social engineering, rather than its technical prowess, that has made this virus so successful.
As always, we strongly advise users against opening attachments from people they don't know. In this case, we recommend users be particularly careful, as the email is programmed to appear to come from an important-sounding account, such as "admin", "webmaster", "info" or "postmaster".
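
The three traits described above (an authority-sounding sender, an attachment that looks like a ZIP file, and a footer claiming an anti-virus scan) can be checked at the mail gateway. This is an added example, not Internetrix's own filter; the footer regex, the quarantine policy and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

AUTHORITY_LOCALPARTS = {"admin", "webmaster", "info", "postmaster"}  # named in the article
ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}
# Assumed wording: the article only says the footer claims an anti-virus scan found it clean.
CLEAN_CLAIM = re.compile(r"scanned.{0,80}virus|virus.{0,80}(clean|found)", re.I | re.S)

def indicators(raw):
    """Return the set of traits from the article that a raw message shows."""
    msg = message_from_string(raw)
    hits, text = set(), []
    local = parseaddr(msg.get("From", ""))[1].partition("@")[0].lower()
    if local in AUTHORITY_LOCALPARTS:
        hits.add("authority_sender")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") or part.get_content_type() in ZIP_TYPES:
            hits.add("zip_attachment")
        elif part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            text.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    if CLEAN_CLAIM.search("\n".join(text)):
        hits.add("clean_scan_claim")
    return hits

def should_quarantine(raw):
    # Assumed policy: a ZIP attachment plus at least one of the other two traits.
    hits = indicators(raw)
    return "zip_attachment" in hits and len(hits) >= 2

def build_sample(sender, body, attachment=None):
    """Build a constructed test message; nothing here is a real worm sample."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", "Your password"
    m.set_content(body)
    if attachment:
        m.add_attachment(b"PK\x03\x04 constructed", maintype="application",
                         subtype="zip", filename=attachment)
    return m.as_string()

SUSPECT = build_sample("postmaster@example.com",
                       "Details are attached.\n\n*** Scanned by Anti-Virus: no virus found ***",
                       "details.zip")
BENIGN = build_sample("alice@example.com", "Minutes from Tuesday are below.")
```

Because the worm fakes its return address, the sender check only flags the lure; it says nothing about which machine is actually infected.
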
If you think you might have this virus, download the free removal tool from Symantec. You can also read more information about this virus – including its German version – from the Symantec site.
If you're using anti-virus software, make sure you update your virus definitions. These definitions work like a hit list to fingerprint viruses on your system – considering this virus was only discovered last week, it is essential you keep your definitions up to date. Finally, if you're not using anti-virus software, you can perform a free online virus scan at http://housecall.trendmicro.com.