Netsky-B soars from Europe to the US

Netsky-B, a new mass mailer worm, started spreading strongly in Europe this morning. Antivirus experts warn the worm packs a double wallop as it can spread via e-mail and through network file shares.

Antivirus experts are warning of a new mass mailer worm that surfaced Wedneday morning.

Both Trend Micro and McAfee have Netsky-B rated as a "medium" risk. Symantec has it a moderate risk. The worm seems to be strongest in Europe, but that may change as North American workers come online.

The best way to prevent getting clipped by Netsky-B is updating antivirus signatures. Using content filtering to catch the worm is difficult as it uses a variety of subject line and body messages. Subjects could include "hello" or "read it immediately." The body of the message could say "anything ok" or "is that true?"

The worm can arrive featuring a double extension such as .rtf.pif. It may also be a .zip file, which may be problematic as many businesses allow such files in as they are commonly used in business.

When executed, the worm displays a bogus error message: "The file could not be opened!" It then copies itself to the Windows directory folder as services.exe. Netsky-B also adds a registry key so it starts when the system is started.

Netsky-B can also spread via shared drives. It searches for folder names containing "Share" or "Sharing" and then copies itself to those folders, according to Symantec. The worm copies itself using a variety of tempting sounding names such as "programming basics.doc.exe," "cool screensaver.scr" or "winxp_crack.exe."

Dig deeper on Malware, Viruses, Trojans and Spyware

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close