Netsky.B Tunnels Through Windows Systems

  • Netsky.B Tunnels Through Windows Systems

    A particularly nasty virus is spreading over the Internet, attacking via e-mail and then rapidly infecting the hard drives of computers running Microsoft (Nasdaq: MSFT) Windows systems.

    The Netsky.B worm is a mass-mailing worm that uses its own SMTP engine to send itself to the e-mail addresses it finds when scanning hard drives and mapped drives. It searches the drives for folder names containing "share" or "sharing," and then copies itself to those folders. The virus also attempts to deactivate the MyDoom.A and MyDoom.B viruses.

    The worm presents a problem for businesses and consumers, because it is capable of spreading through peer-to-peer software. It also represents an emerging and troubling trend toward blended threats, which use more than one spreading mechanism.

    Cluster Bomb Attack

    Netsky.B is a "cluster bomb" worm, explained Ken Dunham of security firm iDefense. "This virus can create as many as 300 copies of itself in a network once it is inside," he told NewsFactor.

    Another distinguishing characteristic of Netsky, compared to other recent worms, is that it does not leave open the back door, said Jimmy Kuo, a research fellow at McAfee AVERT, an arm of Network Associates (NYSE: NET). "The file-sharing mechanism is helping this virus spread rapidly."

    As such, the virus is adding hundreds of files to each of the infected machines, and shows no signs of slowing down, Kuo told NewsFactor. He recommended that when users retrieve files they should scan them first, and/or make sure there are not multiple extensions in files received.

    As of Thursday morning, Netsky.B was spreading in the wild, and Symantec (Nasdaq: SYMC) raised the threat level associated with it from three to four (five is the highest). "I don't think this has reached its peak yet," Dunham said.

    Networks Are Vulnerable

    "The sharing mechanism could have a dramatic impact on networks," said Dunham. Some 100,000 Netsky.B interceptions have been made worldwide, he noted, although the number of infected machines is lower.

    Using spoofed "from" addresses, the worm employs an array of subject headings, such as "hi," "hello," "read it immediately," "something for you," or "warning," in an effort to get recipients to open the infected e-mail attachment.

    The Netsky virus, also known as "Moodown," first emerged earlier this week, and initially spread rapidly in Europe. The B variant was first detected on Wednesday.

    Turn Off Unused Services

    As with previous worms, users should be wary of opening any e-mail attachments and are advised to upgrade their security software or get the appropriate software patches.

    Also, Symantec advised that users and systems administrators should turn off and remove any unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet and a Web server. If they are removed, blended threats have fewer avenues of attack, and there are fewer services to maintain through patch updates.
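
The article's advice to check received files for multiple extensions can be automated at the mail gateway. The sketch below is an added example, not part of the original post or of any vendor's tooling; the executable-extension list, the decoy heuristic, and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumption: extensions Windows treats as runnable; this list is not from the article.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}

def has_deceptive_extension(filename):
    """True when a harmless-looking extension is followed by an executable one."""
    # Drop any path component, then trailing dots/spaces (Windows ignores them).
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    parts = name.lstrip(".").split(".")
    if len(parts) < 3:
        return False  # zero or one extension
    final_ext = "." + parts[-1].strip().lower()
    decoy = parts[-2].strip()  # padding spaces can hide the real extension
    # Heuristic: the decoy looks like a short alphabetic extension ("txt", "doc"),
    # so version-style names such as "setup-1.2.exe" are not flagged.
    looks_like_ext = decoy.isalpha() and 2 <= len(decoy) <= 4
    return looks_like_ext and final_ext in EXECUTABLE_EXTS

def suspicious_attachments(raw_message):
    """Return attachment filenames in a raw RFC 5322 message that look deceptive."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():
        fname = part.get_filename()
        if fname and has_deceptive_extension(fname):
            flagged.append(fname)
    return flagged

def build_sample():
    """Constructed test message; addresses and filenames are made up."""
    msg = EmailMessage()
    msg["From"] = "someone@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "something for you"
    msg.set_content("see attachment")
    for name in ("document.txt.pif", "notes.txt", "setup-1.2.exe"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(suspicious_attachments(build_sample()))
```

A hit is a reason to quarantine the message for scanning, not proof of infection; the same `has_deceptive_extension` check can be run over filenames found in shared folders.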

  • #2
    We got this at my office yesterday. Didn't seem to do any damage, but we all had to go through the anti-virus scanning process.
    2005 Mandatory Loyalty Oath: I love America, our troops, baseball, Moms, and certain pies. I want no harm to come to any of those institutions, nor do I take any glee in their demise.