Companies can take steps like making sure antivirus software signatures are up to date and keeping a careful eye on E-mail activity around Jan. 5, since any variant of Sober will spread using its own SMTP engine to send copies of itself over port 25. Companies with desktop firewalls can lock down outbound traffic from PCs trying to communicate with outside servers over that port, senior Yankee Group analyst Andrew Jaquith says.
But Sober keeps finding security holes, so advance notice might not be enough to stop an outbreak. The first Sober was found in 2003; it has spawned 25 variants, and Sober.y was this year's worst worm, F-Secure says. Plus, it's possible the Jan. 5 clues are part of a disinformation campaign by the worm's creator.
So eggnog might be a good idea, but keep a pager handy.
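The port 25 monitoring described in the first paragraph can be run as a simple log check; the following is an added example, not part of the original article. The log format, the internal address range and the relay address are assumptions, and the sample log is constructed.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the article): internal range, relay address, log format.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
MAIL_RELAYS = {ipaddress.ip_address("10.0.0.25")}  # sanctioned outbound mail servers
SMTP_PORT = 25

# Constructed sample firewall log: "timestamp action src_ip dst_ip dst_port"
SAMPLE_LOG = """\
01-05T08:00:01 ALLOW 10.0.0.25 198.51.100.10 25
01-05T08:00:02 ALLOW 10.0.4.17 10.0.0.25 25
01-05T08:00:03 ALLOW 10.0.4.88 198.51.100.10 25
01-05T08:00:03 ALLOW 10.0.4.88 203.0.113.7 25
01-05T08:00:04 DENY 10.0.4.88 192.0.2.55 25
01-05T08:00:05 ALLOW 10.0.4.17 203.0.113.80 443
malformed line
01-05T08:00:06 ALLOW 10.0.9.3 203.0.113.7 25
"""

def direct_smtp_senders(log_text, min_destinations=1):
    """Return {workstation_ip: sorted external SMTP destinations} for internal
    hosts that talk to port 25 themselves instead of going through a relay."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed format
        _ts, _action, src, dst, port = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue
        if port != SMTP_PORT or src_ip in MAIL_RELAYS:
            continue
        # Blocked attempts count too: a DENY still shows a host trying to send.
        if src_ip in INTERNAL_NET and dst_ip not in INTERNAL_NET:
            seen[src].add(dst)
    return {h: sorted(d) for h, d in seen.items() if len(d) >= min_destinations}

if __name__ == "__main__":
    for host, dests in direct_smtp_senders(SAMPLE_LOG).items():
        print(f"{host} sent SMTP directly to {len(dests)} external host(s): {dests}")
```

Raising `min_destinations` narrows the report to hosts contacting several outside mail servers, which is the pattern a worm with its own SMTP engine produces.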