They look like this. These are the download sites Sober.Y will start using on 5th of January. We're leaving out the filename of the actual executable, but this should be good enough list of addresses you might want to block at your corporate firewall, if you're a system administrator:

»people.freenet.de/gixcihnm/
»people.freenet.de/tobtrfjabzw/
»people.freenet.de/utzmfucaau/
»people.freenet.de/phyibrpkcpl/
»people.freenet.de/lhxrdryo/
»people.freenet.de/yediykdq/
»people.freenet.de/bjjhdkybpyaj/
»scifi.pages.at/agzytvfbybn/
»home.pages.at/bdalczxpctcb/
»free.pages.at/ftvuefbumebug/
»home.arcor.de/ijdsqkkxuwp/
»home.arcor.de/ldhdytdu/
»home.arcor.de/wdqodvdhwwese/
»home.arcor.de/frweemrecuvw/
»home.arcor.de/nulmjznomnt/

Right now, none of these URLs exist. If they are to be used, the virus writer will register them just before the activation.