Netsky no longer flying high

Subjects include "hello," "read it immediately" and "something." The body of the message says "anything ok," "is that true?" or "here is the document."

The attached worm usually came through as an executable file with a double extension such as ".rtf.pif," which should have been suspicious to users.

Given the traction Netsky-B gained, however minor, one can safely say that at least a few people opened and executed the worm. It could spread further by copying itself to shared drives. The worm searches drives C through Z for folder names containing the words "Share" and "Sharing." The worm then copies itself to those folders using a variety of enticing names, such as "programming basics.doc.exe," "cool screensaver.scr" and "winxp_crack.exe."

Netsky-B may have gotten into companies that have abandoned the practice of blocking executable files at the gateway.

"We have a name for companies who think they have a business reason for allowing self-extracting executable files in," said Roger Thompson, vice president of product development at PestPatrol Inc., a Carlisle, Pa.-based developer of security tools. "We call them 'victims.'"

There are ways to safely send executable files that do not put companies at risk of getting worms, Thompson said. Double zipping the files is one such method.

Digg This!     StumbleUpon     Del.icio.us

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary