Netsky-P on the prowl

Shawna McAlearney, News Writer

Antivirus vendors are warning of a Netsky variant that, among other things, exploits the Microsoft MIME header vulnerability to spread on Windows 95, 98, ME, NT, 2000 and XP systems.

This vulnerability allows the auto execution of e-mail attachments on systems running Internet Explorer 5.01 or 5.5 without Service Pack 2, according to Santa Clara, Calif.-based McAfee AVERT. A patch was issued several years ago.

"The worm appears to be the next in the now well-known 'virus' war between the creators of Netsky and Bagle," said an advisory from Tokyo-based Trend Micro. "Netsky-P … makes use of celebrity names like 'Britney Spears' and 'Eminem' in the files it drops; its message body also contains statements seeming to originate from certain antivirus vendors declaring that 'no virus' has been found. The subject line varies, but includes a number of seemingly harmless examples, such as 'Protected Mail Request', 'Mail Authentication.'"

Netsky-P propagates via e-mail using its own Simple Mail Transfer Protocol (SMTP) engine and also spoofs addresses.

"The virus writers are now increasing the complexity of their creations -- possibly an effect of this ongoing 'war', in an attempt to outdo their opponent," David Kopp, head of Trend Micro's TrendLabs Europe, said in a statement. "We are now seeing the inclusion of payloads and social engineering to a far greater degree. Computer users should remain extremely vigilant at this particularly unsettled time."
