New Sober Slams Users, Quickly Slumps
2005-10-06 10:03:00
A new version of the two-year-old Sober worm stormed the Internet late Wednesday and early Thursday, causing anti-virus vendors to issue the loudest alerts since the August appearance of Zotob.
The worm, which carries names ranging from Sober.o (Sophos) and Sober.q (Symantec) to Sober.r (McAfee) and Sober.s (F-Secure), is a typical example of the bilingual Sober, and as of mid-day Thursday, relatively tame.
"It came on strong early last evening, but died down fairly quickly," said Craig Schmugar, the virus research manager at McAfee. "By now the worst is over."
At its height, the new Sober was the second-most commonly reported piece of malicious code, rival Sophos said in a statement Thursday, and accounted for approximately one in every 10 viruses.
Like the most dangerous of the Sober clan, Sober.n, this one comes in either English or German language versions, hijacks e-mail addresses from infected PCs to spread, and uses its own SMTP engine to send copies.
Sober.r's replication techniques, however, are lame, said Randy Abrams, director of technical education for another security vendor, Coronado, Calif.-based Eset Software. "It was spammed out from a vast array of computers, but it's not replicating well," Abrams said. "The threat level is really influenced by the number of copies originally sent out."
That threat level was what drew attention. For the first time since mid-August, most security vendors used their "medium" label to describe Sober.r's danger. There were exceptions. Symantec, for instance, tagged Sober with a "2" in its 1 through 5 scheme; August's Zotob was only the fourth worm or virus to rate a "3" in the Cupertino, Calif.-based security giant's threat system.
Some experts hypothesized that the release of Sober.r was timed to coincide with the ongoing Virus Bulletin International Conference, which cranked up in Dublin, Ireland, Wednesday and runs through Friday.
Abrams pooh-poohed the idea. "There are so many new viruses and worms that it would be an oddity if there wasn't one [released] during the conference," Abrams said in an interview from Ireland. "And it's not like there aren't capable people back home who can turn out a signature [file]," he added.
Overall, said Schmugar, this was a tempest in a teacup. "Sober is an active family, but it's not on par with Mytob or other worms," he said. What it has going for it is perseverance. "At two years and counting, clearly the author or authors look like they're going to continue."
In a side note, the new Sober made history as the first piece of malicious code to be assigned a CME (Common Malware Enumeration) identifier as it hit the Internet: "CME-151." The CME identifying process is an attempt by US-CERT and private anti-virus vendors to reduce the confusion over the multiple names many worms and viruses receive.