Netsky variant uses compression trick
Published: 15 Oct 2004 11:40 BST
Virus hunters at McAfee have identified a new variant of the Netsky virus and rate it as a medium risk.
Like other Netsky viruses, the W32/Netskyag@MM offshoot uses an email to gain entry and install itself into several files via the Windows directory. Once installed, it harvests email addresses from the infected machine and sends out copies of itself in messages that look like they're from people on the email database in the infected computer.
The virus differs from earlier versions in that it uses different compression technologies when sending itself out, a representative for security software maker McAfee said on Thursday. This makes it more difficult to detect.
The subject line on the infected emails varies, with about 30 different ones identified so far. Most seem to be in Portuguese or a version of the language. Subject lines include "algo a mais" and "tudo sobre voce sabe". The message in the email and the attachment use the same dialect and also vary.
A number of infections are coming from Brazil, McAfee said.
The security company has released a workaround for the virus. More information can be found at McAfee's Web site.
The Netsky virus has been one of the most prolific security threats of 2004, infecting millions of computers and spawning more than 25 variants. The virus has also been used to seed computers to knock out Web sites with denial-of-service attacks. The suspected author of Netsky and the Sasser virus, 18-year-old Sven Jaschan, was arrested earlier this year and currently awaits trial.
The Portuguese Netsky variant was discovered on 13 October. McAfee's Avert lab, which studies incoming viruses, raised the risk profile to "medium" on Thursday.
Did you find this article useful?
70 out of 130 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
