Netsky-P on the prowl

Shawna McAlearney, News Writer

Antivirus vendors are warning of a Netsky variant that, among other things, exploits the Microsoft MIME header vulnerability to spread on Windows 95, 98, ME, NT, 2000 and XP systems.

This vulnerability allows the auto execution of e-mail attachments on systems running Internet Explorer 5.01 or 5.5 without Service Pack 2, according to Santa Clara, Calif.-based McAfee AVERT. A patch was issued several years ago.

"The worm appears to be the next in the now well-known 'virus' war between the creators of Netsky and Bagle," said an advisory from Tokyo-based Trend Micro. "Netsky-P … makes use of celebrity names like 'Britney Spears' and 'Eminem' in the files it drops; its message body also contains statements seeming to originate from certain antivirus vendors declaring that 'no virus' has been found. The subject line varies, but includes a number of seemingly harmless examples, such as 'Protected Mail Request', 'Mail Authentication.'"

Netsky-P propagates via e-mail using its own Simple Mail Transfer Protocol (SMTP) engine and also spoofs addresses.

"The virus writers are now increasing the complexity of their creations -- possibly an effect of this ongoing 'war', in an attempt to outdo their opponent," David Kopp, head of Trend Micro's TrendLabs Europe, said in a statement. "We are now seeing the inclusion of payloads and social engineering to a far greater degree. Computer users should remain extremely vigilant at this particularly unsettled time."

