Chasin called for Internet service providers (ISPs) to block port 25 to prevent outbound malicious mail such as Sober.
One security firm, the U.K.-based Sophos, has tagged the new Sober with its highest-possible threat label, while others, including Symantec and McAfee, have dubbed it a "medium" threat.
Symantec issued an additional alert to customers of its DeepSight Threat Management System, warning of a large spike in incoming malicious attachments due to the widespread Sober. The alert also recommended that enterprise administrators take action.
"Ensure that all virus scanners are running with fully updated definitions," the alert advised. "Filtering out ZIP-compressed archives at the network perimeter might also be advisable, although it should be noted that delivery of legitimate content will, most likely, be adversely affected by this measure."
Sober's payload arrives in an attached .zip file.
As for the rationale behind the biggest attack of the year, analysts are in agreement: it's an attempt by criminals to acquire compromised computers that can be "rented" out to spammers or other hackers.
"I'd be surprised if [the attackers] weren't using the infected systems to add to their bot networks," said Alfred Huger, senior director of engineering for Symantec's security response team. "What they use those bots for, unfortunately, is anyone's guess."