Netsky Worm Hits the Net

Antivirus software companies are warning that a new version of the NetSky e-mail worm is circulating on the Internet. The warning comes only a day after the appearance of a new variant of the Beagle or "Bagle" worm prompted similar warnings.

NetSky.B, also known as Moodown.B, first appeared on Wednesday and is spreading via infected e-mail messages and shared network folders. Once installed, NetSky tries to disable antivirus software, steal e-mail addresses, and copy itself to shared network folders, antivirus companies say.

The new worm is a modified version of NetSky.A, which appeared on Monday. Like its predecessor, NetSky.B arrives in e-mail messages that have randomly generated subject lines such as "something for you," "hello," or "fake." The worm file is contained in a zipped attachment that also has a randomly generated name and file type such as "document" "stuff" or "party." File attachments with an .exe, .scr, or .pif extension are also common, says antivirus company TruSecure.

Keeping Track

Network Associates is receiving between 40 and 50 copies of the worm each hour, both from customers and worm-generated e-mail, according to a company spokesperson. Most copies of the worm appear to be coming from the Netherlands and elsewhere in Europe, says NAI, TruSecure, and others.

Antivirus companies released updated virus definition files to spot the new version of NetSky and advised customers to update their antivirus software as soon as possible.

The new worm outbreak follows a similar infestation on Tuesday, when a new version of the Beagle (or "Bagle") worm surfaced and began spreading rapidly.

The sudden appearance of virus-laden e-mail messages may be evidence of a virus spreading, or of a massive "seeding" of a new virus using spam e-mail messages, antivirus experts says. A similar seeding was behind the sudden appearance of NetSky.A on Monday, says antivirus company F-Secure of Helsinki.

Subscribe to the Security Watch Newsletter

Comments