Netsky.B outstrips MyDoom
Published: 24 Feb 2004 08:55 GMT
E-mail inboxes are being swamped as Netsky.B continues to increase its infection rate.
The worm first appeared on 17 February and appears to have originated in the Netherlands. MessageLabs, an e-mail management company, claims to have stopped more than 1.3 million email since the virus started spreading, and believes the infection rate is increasing rapidly. Symantec have rated the worm as severe. This means the worm is a dangerous threat and is difficult to contain.
The worm does require the user to open the attachment with the e-mail. "These days it's less to do with technology, with the code of the virus, and more to do with social engineering," David Banes of MessageLabs told ZDNet Australia.
Netsky.B scans the hard drives and shared drives of an infected computer for e-mail addresses and then uses its own SMTP engine to mail itself to those addresses. The worm also searches for folder names containing "share" or "sharing" and copies itself to those folders using a variety of file names.
The worm appears in the Inbox using a spoofed "from" address and a subject line chosen from one of the following: hi, hello, read it immediately, something for you, warning, information, stolen, fake, unknown. The body of the e-mail contains a variety of messages, and the attachment will normally have a double-file name or be a zip file. When the file is opened it displays a message "The file could not be opened!" before going to work.
In the last 24 hours, MessageLabs has stopped more than 10 times as many Netsky.B worms as MyDoom worms.
Symantec has a removal tool here.
For more coverage on ZDNet Australia, click here.
Did you find this article useful?
68 out of 158 people found this useful
- Share this article:
