21 July 2007
A new variant of the Sohanat worm is making the rounds, and this time it's masquerading as a BitDefender executable.
The Sohanat worm spreads itself via Yahoo instant messenger, by sending itself to the people in an already-infected user's address book. Those who inadvertently click the link launch the executable, thus infecting their computers.
"The Sohanat worm family is old and pretty widespread, as such worms go. This particular version is the 26th to have ever come to our attention and the most interesting because in addition to the usual tricks it also uses a clever bit of social engineering" declared antivirus researcher Mihai Cimpoesu for BitDefender.
BitDefender users are not at risk, as the new threat is detected and blocked as worm.Sohanat.Z. A full technical description of the worm can be found here:
http://www.bitdefender.com/VIRUS-1000144-en--Worm.Sohanat.Z.html
"This incident, apart from the peril posed by the worm itself, raises the question of trust - users tend to trust those they associate with and trust security software, so this worm exploits a human flaw first and foremost and only second an imperfect technology" Mr Cimpoesu concluded.
MEDIA RELATIONS
[email protected]INDUSTRY ANALYST RELATIONS
[email protected]INVESTOR RELATIONS
[email protected]