Netsky-B soars from Europe to the US

By Edward Hurley, News Writer 18 Feb 2004 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Antivirus experts are warning of a new mass mailer worm that surfaced Wedneday morning.

Both Trend Micro and McAfee have Netsky-B rated as a "medium" risk. Symantec has it a moderate risk. The worm seems to be strongest in Europe, but that may change as North American workers come online.

The best way to prevent getting clipped by Netsky-B is updating antivirus signatures. Using content filtering to catch the worm is difficult as it uses a variety of subject line and body messages. Subjects could include "hello" or "read it immediately." The body of the message could say "anything ok" or "is that true?"

The worm can arrive featuring a double extension such as .rtf.pif. It may also be a .zip file, which may be problematic as many businesses allow such files in as they are commonly used in business.

When executed, the worm displays a bogus error message: "The file could not be opened!" It then copies itself to the Windows directory folder as services.exe. Netsky-B also adds a registry key so it starts when the system is started.

Netsky-B can also spread via shared drives. It searches for folder names containing "Share" or "Sharing" and then copies itself to those folders, according to Symantec. The worm copies itself using a variety of tempting sounding names such as "programming basics.doc.exe," "cool screensaver.scr" or "winxp_crack.exe."

Digg This!     StumbleUpon     Del.icio.us

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary