One in every 14 e-mail messages passing through the filters of U.K.-based Sophos carried the Sober payload, with the worm accounting for 85 percent of all malicious code detected.
The sheer rate at which this worm is spreading proves that the devious tricks work," said Graham Cluley, senior technology consultant at Sophos, in a statement.
Sober.x -- which has also been tagged as Sober.y and Sober.z by anti-virus vendors -- comes packaged as an attachment to messages supposedly from the FBI, CIA, and overseas police agencies such as Germany's Bundeskriminalamt, or in mail offering links to video clips of Paris Hilton.
By Sophos' year-to-date tally, Sober.x is 2005's third-most prevalent worm; only Netsky.p and Zafi.d top it on the chart.
In other security news, a new Mytob worm is also spreading quickly enough to make several security companies push their customer warning levels to "medium." Mytob.mx, said Panda Software and Trend Micro, is a serious threat.
The worm first appeared Nov. 24, Thanksgiving Day in the U.S., but its spread has been limited on this side of the Atlantic. Belgium, Poland, and Portugal are the hardest-hit countries, Panda announced Monday.
As with other variants of the widespread Mytob clan, the newest version propagates by hijacking addresses from an infected system and includes a backdoor component that lets the hacker send additional commands and/or files to the compromised computer to turn it into a spam-spewing zombie, or to load it up with spyware.
The Sober worm first appeared in December, 2003, while the Mytob family debuted in February, 2005. The author or authors of both worm groups are still at large.