Both programs are suid root. There is no reason to ever type "sudo su" except for the situation where one is unfamiliar with the "-i" and "-E" options to sudo, or otherwise in the habit of doing things as root without understanding why they're done. The su commands passes through a few hard-coded environment vars, while sudo can control exactly which ones pass through (try $DISPLAY for a useful example). The su command can only prompt for the target user's password (assuming a default pam stack), while sudo can be configured to authenticate the source or target user, or neither, per command. The su command resets $HOME, while sudo can decide based on the ruleset available. And that's one more forked process that doesn't need to exist.

Basically, "sudo su" is like nailing one hand behind sudo's back and gaining nothing. :)