Partly to bring this back to the top, as it is still 'prevalent', and also to advise of a warning for the 'Happy New Year'

Possibly on the 5th of January or 6th of January, a new SOBER variant is expected to be released by the same group that caused the recent WORM_SOBER.AG outbreak in November.

It is thought that WORM_SOBER.AG will download an executable file 'Sober.exe' on these dates (encrypted within the SOBER.AG worm). The URLs involved are 'hidden' and an algorithm based on the date will generate the exact URLs.

With acknowledgements to Trendmicro.com

May I also remind all that this company offer an excellent 'online' check of your machine 'as is', via
this site. Yes, it does poke around in your 'innards' but I have been using it fairly regularly for several years without any problems.