Netsky variant a greater threat than thought

By Dawn Kawamoto, News.com
Posted on ZDNet News: Mar 29, 2004 10:45:00 PM

Security company Symantec raised its severity rating of the latest incarnation of the Netsky worm.

Netsky.Q was upgraded from a level 2 to level 3 threat on the security firm's five-point rating system. The company said it has received 379 reports of the worm since its discovery Sunday.

"We see quite a few variations of any major threat," said Sharon Rockman, senior director of Symantec Security Response. "But what is unusual about this time is we are having so many level 3 upgrades with Netsky, MyDoom and Bagle...Usually, there is one (worm) that is very popular and one to three variants."



		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

Two previous Netsky variants received an upgrade to level 3 for their wide distribution.

Netsky is a mass-mailing worm that uses a bogus sender address and continually changes its subject line and content. An e-mail attachment usually carries an .exe, .pif, .scr or .zip file extension. The worm distributes itself to e-mail addresses in a victim's hard drive and copies itself into shared folders via file-sharing programs.

Unlike its predecessors, Netsky.Q is scheduled to trigger a beeping alarm at 5:11 a.m. Tuesday. This will occur only in infected computers that are operating at the time the alarm is set. Netsky.Q is also expected to release a denial-of-service attack between April 8 and April 11 on several Web sites, including those of eDonkey2000, Kazaa, eMule, Cracks.am and Cracks.st, according to Symantec.

The latest Netsky variant marks the second consecutive time the worm has been upgraded to a level 3 threat since the original author announced plans in early March to discontinue releasing variants. That announcement, part of Netsky.K, also noted that the worm's source code would be published, making it available for others to use.

Following the Netsky.K announcement, four other versions of Netsky were released, but those never exceeded a level 2 threat. Antivirus experts speculated that they were written by other authors who may not have had the same widespread distribution system as the original author had.

Security experts say it's difficult to ascertain whether the original author has stepped back into the game or new virus writers have become more proficient in developing a distribution system for their work.

"Once you release the source code, it's hard to tell if it's from a new author or the original writer," Rockman said.

SponsoredWhite Papers, Webcasts, and Downloads

Talkback
Most Recent of 25 Talkback(s)

Thread View
Flat View

Good idea!: I usually use linux for internet, email, office etc.
When I do use windows on the net I use mozilla for browser and email.

I even have Norton Internet security block all attempts to connect to the net by IE, outlook, express and other (mostly ms) apps.... (Read the rest); Posted by: Spoon Jabber Posted on: 03/31/04 You are currently: Logged In | Log out

attacks kazaa? ryusen | 03/29/04

Me! Me! nite_w0lf | 03/29/04

pay?? ryusen | 03/30/04

ARRRRRRRRRRGGGGGGGRRR!!!!! spinit | 03/29/04

Which operating systems, which email client? Len Rooney | 03/29/04

This is yet another Windows specific virus jellyclock | 03/30/04

Unconstitutional EULA DragonBRockin | 03/30/04

OS of choice... kcplate | 03/30/04

Ignorance is... Spoon Jabber | 03/30/04

RE: OS of choice arobert@... | 03/30/04

Standard MS FUD jellyclock | 03/30/04

Home users aren't "safety critical systems" jfrankcarr | 03/31/04

Suggesting by Ignorance michael-t | 03/30/04

ok, how about ... gary.douglas@... | 03/30/04

Link gary.douglas@... | 03/30/04

Doubtful that ms fixed 100% Spoon Jabber | 03/31/04

RE: Which operating systems, which email client? arobert@... | 03/30/04

Which OS's, which email client moonguppie@... | 03/30/04

seriously... ryusen | 03/30/04

keep your antivirus up to date, and it won't be a problem CobraA1 | 03/30/04

RE: Keep your antivirus up to date, and it won't be a problem arobert@... | 03/30/04

Well gee whiz.... quietLee | 03/31/04

RE: Well gee whiz..... arobert@... | 03/31/04

Good idea! Spoon Jabber | 03/31/04

Virus protection has to be 'blended' too jfrankcarr | 03/31/04

What do you think?

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SponsoredWhite Papers, Webcasts, and Downloads

BNET Industries
Check out BNET's newest resource for managers and executives. Need to do research on your competitors? Don't have time to read every trade pub? BNET Industries is the new source for daily news, insights, and research on 11 major industries and 9,000 public companies.
The technology industry from a different angle
See what's hot in the auto industry
Stay on top of the energy industry