November 18, 2005
Veronique De Freitas
New variants of the Sober worm are making their way across the net using new formats that are difficult for anti-virus programs to detect.
According to Panda Software, five new variants of the mass-mailing worm are spreading using hundreds of different compression formats that increase the probability of web users getting infected.
The Sober variants are similar to their predecessors, claim security experts as they send themselves to email addresses obtained from an infected computer.
According to Panda Software, these worms will change the language of the message depending of the address they are sent to - a message will be sent in German to address with the suffix '.de', '.li', '.ch' or '.at', otherwise, the message will be sent in English.
Luis Corrons, director of PandaLabs, said: ?The worrying thing is that they are being sent out in many different formats. Although these worms are the same, traditional antivirus programs need a vaccine for each compression format. Obviously, this makes the work of security companies more difficult, as they have to spend time obtaining a sample of all the variants in circulation and generating the corresponding updates.
?It seems more like a test that aims to find out which one is most difficult for security solutions to detect. However, at the moment there is an incredible number of infected email messages in circulation, and therefore, users must be careful with the messages they receive from unknown senders," he added.