Many of the readers of this column are network or security administrators who have users they care about. Here’s a note about a rapidly growing worm infestation about which you should warn your users.

The FBI issued an alert Nov. 22 warning that criminals are circulating a false accusation addressed to “Dear Sir/Madam” claiming that the recipient has visited “more than 30 illegal Websites.” The e-mail message demands that the recipient fill out a questionnaire that is attached; it is infected with the W32/Sober.AG worm (see for example the Nov. 23 alert from F-Secure).

F-Secure reports that the new outbreak is the worst e-mail worm attack they have seen in 2005:

“Several millions of infected e-mails have been seen by internet operators over the last hours. One of the reasons why this e-mail worm seems to be so successful in spreading is that some of the messages it sends are fake warnings from FBI, CIA or from the German Bundeskriminalamt (BKA).”

Apparently the 25 (and counting) variants of these Sober worms have been created by some warped personality in Germany; F-Secure states that “all Sober variants send German messages to German email addresses and English messages to other addresses.”

The Trend Micro alert points out that in addition to the fake FBI warning, other e-mail messages carrying the worm have subjects referring to registration confirmation, passwords, mail delivery failure, new e-mail addresses and “Paris Hilton & Nicole Richie” video clips. The attachments are all real ZIP files containing an installer program. Opening the ZIP files flashes a fake message claiming that the ZIP file is damaged but actually creates a folder called “WinSecurity” in the current Windows folder and places a number of files into that folder. It also puts files into the Windows system folder. The worm adds keys to the registry to auto-load on system start-up. It collects e-mail messages from a wide range of source files and uses its own SMTP mail process to send out its junk. As a final pernicious attack, the worm terminates the Microsoft Windows Malicious Software Removal Tool process.

Although all the anti-virus companies are fighting this worm, it is still worth reminding users not to open e-mail attachments that they are not expecting. As for the “FBI” message, ask users what kind of police force is likely to send mass mailings to “sir/madam” when investigating crimes.

Don’t let the malware authors worm their way into your users’ confidence.