The next attack is hard-coded in the version of Sober that iDefense, part of VeriSign, said in a statement Wednesday. Infected machines are set to download instructions and potentially mail out a new wave of Sober e-mails on Jan. 5, the security company said.,
That leaves Internet users with less than a month to shore up their defenses against Sober, which was the most prolific worm in 2005, security experts at iDefense said.
"The attack could have a significant detrimental effect on Internet traffic, as e-mail servers are flooded," iDefense said.
The possible outbreak could be stopped, said Mikko Hypponen, chief research officer at Finnish antivirus company F-Secure. The worm is set to download instructions from a number of sites hosted on the systems of free Web space providers. These are located mostly in Germany and Austria, he said.
"These free Web site hosters should be able to block those specific URLs this virus is trying to download from in January, so with any luck nothing will happen," Hypponen said. "There is plenty of time for the Internet service providers and the antivirus people to act."
Theis still . Microsoft last week said the load of infected messages is causing an unspecified delay for . Sober accounted for almost 40 percent of all the viruses stopped by F-Secure on Wednesday, Hypponen said.
The Sober family of mass-mailing worms appears to be the work of a German speaker or group of German speakers, iDefense said. Nearly 30 variants of the worm have surfaced since October 2003, the company said.
Sober arrives as an e-mail with a malicious attachment. The text of the e-mail can vary and can be. Some Sober e-mails have included Nazi propaganda, while others posed as messages from the FBI, the U.K.'s National High-Tech Crime Unit and the CIA.
iDefense believes a Jan. 5 attack may be spreading more Nazi propaganda. The date coincides with the 87th anniversary of the founding of the Nazi party.