Why are you clicking on attachments still???? Do you just like pain or what?

Both Kaspersky Lab and Symantec have detected worm variants. Kaspersky noted three variants of E-mail-Worm.Win32.Sober, which Symantec identified as W32.Sober.S@mm.

The variants are modifications of the same program, according to Kaspersky. A "large number of samples" of the variants have been intercepted in e-mail traffic, indicating that the worms are spreading by spam containing infected messages, Kaspersky said in a statement. The variants arrive as an attachment to infected messages.

The messages might not have a subject line or text, but can be identified by the attachment name. The attachment names thus far identified are: Exceltab-packed_list.exe; Liste.zip; Reg-List-Dat_Packer2.exe; reg_text.zip; Word-Text.zip; Word-Text_packedList.exe; Word-Text_packedList.zip.

The worm activates only if a computer user clicks on the attachment, which causes a false error message, "WinZip Self-Extractor. WinZip_Data_Module is missing ~Error," to pop up, Kaspersky said. The worm variants copy themselves to the Windows system directory and then register the files to the system Registry so that the worm launches every time Windows is rebooted.