Netsky.p Reaches Medium Threat

The latest variant of the worm reportedly has infected at least one large European company.

InformationWeek Staff, Contributor

March 22, 2004


The latest variant of the Netsky virus was rated a medium threat Monday, and reportedly infected at least one large European company.

Netsky.p, the 16th variant of the Internet worm, takes advantage of a vulnerability in Microsoft Internet Explorer 5.01 or 5.5 without Service Pack 2. The variant is the first of the Netsky line capable of executing without the PC user clicking on an attachment, antivirus experts said.

Network Associates Inc. and Symantec Corp. rated Netsky.p a medium risk.

Network Associates has received more than 100 reports of the worm from customers and virus-generated E-mails. A worm is a type of virus that opens a backdoor in a PC, making it possible for a hacker to take control of the machine to distribute spam, launch a denial-of-service attack, or steal passwords to Internet accounts.

Netsky.p infected at least one large European company, but it was confined to a few hundred machines.

"The company is as large as a Fortune 500 company in Europe," said Vincent Gullotto, a virus expert at Network Associates who declined to identify the company. "It wasn't a widespread outbreak, and the company is still in operation."

Netsky.p is troublesome because the virus can be executed without a PC user double-clicking on the attachment. For this to happen, however, the user must have the Microsoft Outlook E-mail client set to display E-mail written in HTML.

Code embedded in the document automatically executes the Zip file containing Netsky.p, which propagates itself by stealing E-mail addresses from the infected machine.

However, virus experts don't expect Netsky.p to become a major threat, primarily because it takes advantage of a vulnerability that Microsoft patched in 2001. Many PC users either have installed the patch or have upgraded to Internet Explorer 6.0.

Netsky.p arrives in E-mails with these subject lines: stolen document, re: hello, mail delivery, private document, re: notify, re: document, re: extended mail system, re: protected mail system, re: question, private document, and postcard.

Netsky is one of the three most prevalent virus strains on the Internet, along with MyDoom and Bagle.
