Social engineering helps Sober top virus charts

Written by Munir Kotadia, Contributor
Despite being released in the third week of last month, Sober was by far the most successful piece of malware and accounted for more than 40 percent of all viruses in November, according to Sophos.

The latest Sober variants started to spread on November 19 and within days began threatening corporate e-mail gateways due to the sheer volume of messages generated by infected PCs. Security experts say the virus was successful because it arrived in an e-mail that seemed to have been sent from the FBI or CIA, warning the recipient that they had been visiting illegal Web sites.

Carole Theriault, senior security consultant at Sophos, said that since the first-ever Sober virus was spotted over two years ago, the authors have used a number of different tricks to improve the malware's ability to replicate and to persuade users to open the attachment.

"Since we saw the first Sober worm back in October 2003, its author has tried to improve upon tried-and-tested tricks to dupe computer users into launching infected attachments," said Theriault in a statement.

Adam Biviano, senior systems engineer at anti-virus firm Trend Micro, told ZDNet Australia that social engineering plays a bigger part in a virus's success than its code.

"The actual replication methods have always been improved from one strain to the next but the social engineering aspect of a virus has always been key to its success," said Biviano, who gave examples of previous viruses that also used a similar trick.

"If you cast your mind back to some of the old classics like the Love Letter virus or the Kournikova virus -- they are typical examples of how social engineering has always been used," said Biviano.

However, Sophos's Theriault said that the virus author may have made a mistake by "mocking" the FBI and CIA.

"Mocking the feds is a sure-fire way of goading the authorities and you can't help but wonder whether the author is desperate to be caught," said Theriault.
