New Worms Claim They're Clean

The latest versions of the Netsky and Sober worms sometimes claim they've been scanned for viruses and that no malicious code was detected.

information Staff, Contributor

April 5, 2004


New versions of the Sober and Netsky worms started spreading over the weekend, said security firms, and although they closely resemble earlier editions, they use a new social engineering twist to sneak by users.

Both Sober.f and Netsky.s arrive as file attachments in E-mail messages that sometimes claim that they've been scanned for viruses, and that no malicious code has been detected.

"The ploy of adding a 'No virus found' message at the bottom of the E-mail is deliberately designed to appeal to those who are too impatient to practice safe computing," Graham Cluley, a senior technology consultant at anti-virus vendor Sophos, said in a statement.

Sober.f, which over the weekend was upgraded by several security firms to a medium-level threat as it spread quickly through Europe, can clog E-mail servers and chew up bandwidth, said Cluley. It arrives as an attachment to a message bearing a range of subject headings in either German or English--some of which use the tactic of purporting to be E-mail delivery error messages--and grabs addresses from infected PCs to continue its spread.

The newest Netsky worm, Netsky.s, is a close cousin of last week's Netsky.r, but also uses the no-virus-found technique to trick recipients into opening the attached file. The worm-bearing message contains text such as "no virus found," along with claims that the message was scanned by online anti-virus software from Panda, McAfee, or F-Secure.

Netsky.s is currently rated as a low-level threat by most security firms.
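A mail filter can treat the lure described above as a signal rather than a reassurance. The following Python sketch is an added example, not code from the article or from any vendor it names; the heuristic, the file names and the sample messages are constructed assumptions built only from the wording the article reports.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage

# Wording the article reports in the lure: a "no virus found" claim,
# sometimes attributed to Panda, McAfee or F-Secure.
CLEAN_CLAIM = re.compile(r"no\s+virus(?:es)?\s+(?:was\s+|were\s+)?(?:found|detected)", re.I)
VENDOR = re.compile(r"\b(?:panda|mcafee|f-secure)\b", re.I)

def assess(raw):
    """Flag mail whose body vouches for its own attachment."""
    msg = message_from_bytes(raw)
    texts, attachments = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            attachments.append(name)
        elif part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            texts.append(data.decode(part.get_content_charset() or "latin-1", "replace"))
    body = "\n".join(texts)
    vendor = VENDOR.search(body)
    claim = bool(CLEAN_CLAIM.search(body))
    # Body text is written by the sender, so a scan claim there proves nothing;
    # paired with an attachment it is the pattern the article describes.
    return {"attachments": attachments, "clean_claim": claim,
            "vendor_named": vendor.group(0) if vendor else None,
            "suspicious": claim and bool(attachments)}

def build(body, attachment=None):
    """Build a constructed sample message (not a captured worm e-mail)."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

LURE = build("See the attached file.\n\nNo virus found. Scanned by F-Secure online anti-virus.", "details.bin")
FOOTER_ONLY = build("Weekly report inline below.\n\nNo virus found.")
PLAIN_ATTACHMENT = build("Minutes from Monday are attached.", "minutes.bin")

if __name__ == "__main__":
    for label, raw in [("lure", LURE), ("footer only", FOOTER_ONLY), ("plain attachment", PLAIN_ATTACHMENT)]:
        print(label, assess(raw))
```

Only the first sample is flagged: a scan claim without an attachment, or an attachment without a claim, does not match the pattern.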
