May Malware, Variants of Traditional Worms
Security reports for May 2007 describe a situation that resembles that of some years back. In May, the traditional dialer, along with new variants of old worms such as Sober, Netsky, Bagle and Puce, occupied the top positions in the malware list. According to anti-virus firm Kaspersky, the old worms reappeared in new versions in May. They included Sober.aa, which leapt forward to fourth place. The earlier form of this virus, Sober.z, first appeared in mid-November 2005.
The new Sober variant, which re-emerged in April this year, spreads through e-mail. The message tells the recipient that he can't remember his password and that a new one has therefore been created. The e-mail also notifies the user that his new password is a sequence of randomly selected letters and digits. Such modified passwords have been in ZIP format.
Although Sober.aa has been classified as "primitive", it has characteristics that could take it ahead of worms with even advanced functionality. According to Kaspersky's predictions, Sober.aa is capable of moving up the malware ratings in the coming months.
Another prominent piece of malware that emerged in May 2007 was the popular mass mailer Sober, appearing in its W32/Sober.AA@mm form. This worm was most active since January 2006. Another worm active since April 2007 was W32/Stration.JQ, which produced a large volume of activity in the second half of May 2007.
Both of these worms are modified versions of malware that has been around for a long time, and such variants are easier to defend against. A virus variant uses code that is almost the same as the original's, so once variants are recognized, anti-virus filters can conveniently block them. When a completely new virus attacks, however, security vendors have to spot it and study its construction and manner of attack before they can design adequate defenses against it.
While malware authors are reviving traditional worms, spammers remain busy devising ways to get around anti-spam programs. Spammers are now replacing the method of embedding images in the body of the e-mail with hosting new images on Web sites and then adding links to those sites in the e-mail.
» SPAMfighter News - 18-06-2007