Netsky-B soars from Europe to the US

Edward Hurley, News Writer

Antivirus experts are warning of a new mass mailer worm that surfaced Wednesday morning.

Both Trend Micro and McAfee have Netsky-B rated as a "medium" risk. Symantec rates it a moderate risk. The worm seems to be strongest in Europe, but that may change as North American workers come online.

The best way to avoid getting clipped by Netsky-B is to update antivirus signatures. Using content filtering to catch the worm is difficult because it uses a variety of subject lines and message bodies. Subjects could include "hello" or "read it immediately." The body of the message could say "anything ok" or "is that true?"

The worm can arrive with a double extension such as .rtf.pif. It may also arrive as a .zip file, which may be problematic because many businesses let such files through, as they are commonly used in business.

When executed, the worm displays a bogus error message: "The file could not be opened!" It then copies itself to the Windows directory folder as services.exe. Netsky-B also adds a registry key so it starts when the system is started.

Netsky-B can also spread via shared drives. It searches for folder names containing "Share" or "Sharing" and then copies itself to those folders, according to Symantec. The worm copies itself using a variety of tempting-sounding names such as "programming basics.doc.exe," "cool screensaver.scr" or "winxp_crack.exe."
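Because subject and body text vary, a mail gateway check is better keyed on attachment names, including names inside .zip files. The following Python sketch is an added example, not code from the article or any vendor; the extension lists, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Executable final extensions (assumed list; extend for your environment).
EXECUTABLE_EXTS = {"pif", "scr", "exe", "com", "bat", "cmd"}
# Document-like extensions used as the decoy half of a double extension (assumed list).
DECOY_EXTS = {"rtf", "doc", "txt", "htm", "jpg", "pdf"}


def classify_name(name):
    """Return 'double-extension', 'executable' or None for one file name."""
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    if len(parts) < 2 or parts[-1].strip() not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3 and parts[-2].strip() in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_message(raw_bytes):
    """List (attachment, inner_name, verdict) findings for a raw RFC 5322 message."""
    findings = []
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        verdict = classify_name(fname)
        if verdict:
            findings.append((fname, None, verdict))
        if fname.lower().endswith(".zip"):
            try:  # look inside the archive without extracting anything to disk
                with zipfile.ZipFile(io.BytesIO(part.get_content())) as zf:
                    for inner in zf.namelist():
                        v = classify_name(inner)
                        if v:
                            findings.append((fname, inner, v))
            except zipfile.BadZipFile:
                findings.append((fname, None, "unreadable-zip"))
    return findings


def build_sample(filename, payload):
    """Constructed sample message carrying one harmless attachment."""
    m = EmailMessage()
    m["Subject"] = "hello"
    m.set_content("anything ok")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

Password-protected archives still list their member names, so the zip check works on them too; a gateway would typically quarantine on any finding rather than only on the double-extension verdict.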
