New Netsky.C variant reported

A new version of the NetSky e-mail worm has begun circulating through the Internet, antivirus software companies reported on Wednesday.

Like its predecessor NetsSky.B, which struck last week, the worm, known as Netsky.C, arrives via e-mail messages with familiar subject lines like “Question,” “Fwd: lol,” and “Re: hey.” Users launch the worm by clicking on attachments accompanying the messages.

“They’re keeping subject messages really simple, which entices users to click on the attachment,” said Steven Sundermeier, the vice-president of products and services with Medina, Ohio, security software vendor Central Command Inc. “You could see how that kind of piques users’ curiosity.”

Once launched, the worm then installs its own mail server on the user’s computer and begins sending infected e-mail using addresses it collects from the infected computer.

The worm also appears to target users of file sharing services, said Sundermeier. “If it finds any subdirectory that has the word “shar” in its name, it will drop a long list of enticing filenames in it, which are copies of itself,” he said. “That now makes it available through file sharing applications like Kazaa or instant messaging applications.”

These infected files have a variety of names, including “Adobe Photoshop 9 full.exe,” Microsoft Office 2003 Crack.exe” and “Dark Angels.pif,” Sundermeier said.

NetSky.C first appeared Tuesday night (U.S. Pacific time), said Patrick Hinojosa, the chief technology officer with Panda Software, Inc. in Glendale, Calif. By Wednesday morning, three per cent of the users of Panda’s on-line virus checking service were infected, he said. “Three per cent within one day is a pretty good clip, so this one looks like it’s spreading a little bit faster than NetSky.B,” he said.

The NetSky.C worm is very similar to its NetSky.B predecessor, but “B” uses different subject names, and searches for subdirectories with the word “sharing” instead of “shar,” Sundermeier said.

Another difference is that version C causes the user’s computer to beep when the infected file is launched. “It’s kind of a computerish type sound,” said Hinojosa. “That’s a sure sign when you get it.”

NetSky.B displays a Windows error message saying “the file could not be opened,” when it infects a computer, he said.

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now