Sobig continues to clog inboxes throughout Thursday

The latest variant of the Sobig virus continued to spread on Thursday, underscoring how mass-mailing computer viruses can still be a nuisance.

In the past 24 hours, the virus, known as Sobig.E, mainly has affected US computer users, according to email service provider MessageLabs. The company, which filters email messages and removes viruses and spam for clients, reported 70 per cent of the Sobig.E-infected messages came from the US. Another 18 percent came from UK sources.

"Certainly yesterday, it had everything to do with the time zone," said Mark Sunner, chief technology officer at MessageLabs. "It kicked off when the US was just starting its working day." Sunner added that the virus appears to have been released by an online vandal in the US.

Sobig.E has been quite successful at spreading and has jumped to the top of MessageLab's daily list of most-seen attachments. However, its reach so far has fallen short of recent viruses such as Bugbear.B, which accounted for almost 32,000 email attachments in its first 24 hours. Sobig.E accounted for fewer than 25,000, Sunner said.

Anti-virus companies are expressing moderate concern for how fast the virus has spread. Security software firm Symantec raised its rating of the virus to a middle-of-the-road '3' on its five-level threat rating. Rival Network Associates assigned a "moderate" threat rating to the virus.

"We are still getting a lot of submissions" from companies reporting the variant, said Craig Schmugar, a virus research engineer for Network Associates. While submissions from companies have fallen, the virus apparently has sent a significant number of copies of itself to the anti-virus firms in the regular course of spreading.

Sobig.E, like other versions of the virus, appears in a recipient's in-box with the subject line "Re: Movie" or "Re: Application". The body of the message states: "Please see the attached zip file for details." The malicious program is contained in an 80KB attachment to the message. It infects any PC running a Microsoft Windows operating system when the attachment is opened.

The virus grabs email addresses from several different locations on a computer, including the Windows address book and internet cache, and sends emails to each one. The virus also forges the source of the message using a randomly selected email address, so that the infected message appears to come from someone else.

Sobig.E is more efficient than previous version of the virus in sending email addresses, according to MessageLabs' analysis, because the email engine that it uses to send email is 'multi-threaded'. While earlier versions of the virus had to wait for a task, or thread, to be completed, Sobig.E can send multiple emails at the same time, making it a much more efficient spam engine.

The virus has hit home users harder than companies. Vincent Weafer, senior director of Symantec's security response team, said home users are 10 times more likely to report the virus.

"That matches what we have seen with other variants of Sobig," Weafer said.

Robert Lemos writes for CNET News.com.