- Cool Yule Tools: 2008 Holiday Gift Guide
- 10 kitchen gadgets for the geek gourmet
- Google admits to violating iPhone development terms
- Smartphone smackdown: Storm vs. iPhone
- Google layoffs: 10,000 jobs being cut
A new version of the Netsky e-mail worm is programmed to launch a distributed denial-of-service attack on peer-to-peer (P-to-P) networks, contains a message blaming users for spreading viruses and says that Netsky's authors want to stop hacking and illegal file trading, anti-virus software companies warned.
Netsky.Q first appeared on Monday and is spreading on the Internet. It is the 17th variant of the worm to be released since Netsky first appeared in February, anti-virus companies said.
The Q variant arrives in e-mail file attachments with .pif (Program Information File) or .zip file extensions. Netsky also tries to exploit a long-patched Microsoft security hole that allows file attachments to be launched automatically when the e-mail message is read, according to F-Secure of Helsinki.
Netsky.Q messages are disguised to look like returned e-mail error messages that might be generated by a company's e-mail servers. For example, messages contain subjects like "Delivery Error," "Error," and "Server Error." When opened, the e-mail displays messages such as "Mail Delivery -- This mail couldn't be displayed" and claim to contain a version of the rejected message as a "binary attachment," enticing users to click on the virus file, F-Secure said.
Like earlier versions of Netsky, the new version installs itself on Windows machines when the file attachment is opened. It also combs the infected machine's hard drive and harvests e-mail addresses from a variety of file types.
Netsky.Q is programmed to mail copies of itself to addresses it finds on March 31, 2004, and April 5, 12, 19 and 26, 2004, said Sophos of Abingdon, U.K.
Computers infected with the new worm variant are also programmed to launch a denial-of-service attack on a number of P-to-P and pirated software Web sites including www.kazaa.com, www.edonkey2000.com and www.cracks.am on April 7, and April 12, 2004, F-Secure said.
A message buried in the worm's code may explain the programmed attacks on P-to-P networks. In the message, the Netsky author or authors claim to represent a benevolent group called "SkyNet Antivirus Team" based in "Russia" and draw distinctions between their creation and other worms that open back doors on infected computers that can be used to relay spam message or facilitate future hacking.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment