Virus chaos thwarted by poor social engineering

The latest variant of the Sober virus was released on Friday and has been spreading over the weekend, but antivirus experts say the situation could have been much worse.

The Sober.i virus, which arrives as an e-mail attachment claiming to contain naked photos of a blonde model, started spreading very quickly on Friday. However, its infection rate has been relatively low outside Germany and Switzerland because in the English-speaking world the malicious e-mail arrives with the subject "delivery failure" or "oh god".

Mark Sinclair, technical services manager, Trend Micro Australia, said that although Sober.i has been spreading in the Asia Pacific region, its impact has been limited because outside Germany and Switzerland the e-mail is "less enticing".

"In Australia we have some local infections but not as many infections as the last big Bagle worm. It has to do with the way these worm writers use social engineering techniques to trick users. The Bagle worm's content was far more enticing than this one," said Sinclair.

Graham Cluley, senior technology consultant at Sophos, said it was strange how the virus writer changed the social engineering strategy for non-English-speaking domains.

"In the English version they don't seem to be using sex at all. Maybe [the virus writer] thinks that the English aren't as interested in sex as our German cousins. Perhaps he is making a national judgement about the countries," said Cluley.

Cluley said that even without using the sex angle, Sober has been spreading because people cannot resist opening e-mail attachments.

"Although much-publicised virus outbreaks in the past should have made users more nervous of double-clicking on unsolicited e-mail attachments, some still find it hard to resist," said Cluley.

Trend's Sinclair agreed that even if users stopped opening suspect attachments, vulnerabilities in software would keep virus writers busy for some time.

"Advanced viruses take advantage of operating system vulnerabilities. Virus writers are looking in that direction because they are far more effective. As more users take up Windows XP SP2 there will be vulnerabilities published and virus writers will take advantage of those. But that is true of any operating system -- it is not just Microsoft," added Sinclair.