Antivirus software companies are warning that a new version of the NetSky e-mail worm is circulating on the Internet, only a day after the appearance of a new variant of the Beagle or “Bagle” worm prompted similar warnings.
NetSky.B, also known as Moodown.B, first appeared on Wednesday and is spreading through infected e-mail messages and shared network folders. Once installed, NetSky tries to disable antivirus software, steal e-mail addresses and copy itself to shared network folders, antivirus companies said.
The new worm is a modified version of NetSky.A, which appeared on Monday. Like its predecessor, NetSky.B arrives in e-mail messages that have randomly generated subject lines such as “something for you,” “hello” or “fake.” The worm file is contained in a zipped attachment that also has a randomly generated name and file type such as “document” “stuff” or “party.” File attachments with an .exe, .scr or .pif extension are also common, said antivirus company TruSecure Corp.
Network Associates Inc. (NAI) is receiving between 40 and 50 copies of the worm each hour, both from customers and worm-generated e-mail, according to a company spokesperson. Most copies of the worm appear to be coming from the Netherlands and elsewhere in Europe, said NAI, TruSecure and others.
Antivirus companies released updated virus definition files to spot the new version of NetSky and advised customers to update their antivirus software as soon as possible.
The new worm outbreak follows a similar infestation on Tuesday, when a new version of the Beagle (or “Bagle”) worm surfaced and began spreading rapidly.
The sudden appearance of virus-laden e-mail messages may be evidence of a virus spreading, or of a massive “seeding” of a new virus using spam e-mail messages, antivirus experts said. A similar seeding was behind the sudden appearance of NetSky.A on Monday, said antivirus company F-Secure Corp. of Helsinki.