IDG News Service - A new version of the NetSky e-mail worm has begun circulating on the Internet, antivirus software companies reported today.
Like its predecessor, NetsSky.B, which struck last week, the worm, known as NetSky.C, arrives via e-mail messages with familiar subject lines like "Question," "Fwd: lol" and "Re: hey." Users launch the worm by clicking on attachments accompanying the messages.
"They're keeping subject messages really simple, which entices users to click on the attachment," said Steven Sundermeier, the vice president of products and services at Central Command Inc., a security software vendor in Medina, Ohio. "You could see how that kind of piques users' curiosity."
Once launched, the worm installs its own mail server on the user's computer and begins sending infected e-mail using addresses it collects from the infected computer.
The worm also appears to target users of file-sharing services, said Sundermeier. "If it finds any subdirectory that has the word shar in its name, it will drop a long list of enticing file names in it, which are copies of itself," Sundermeier said. "That now makes it available through file-sharing applications like Kazaa or instant messaging applications."
These infected files have a variety of names, including "Adobe Photoshop 9 full.exe," Microsoft Office 2003 Crack.exe" and "Dark Angels.pif," Sundermeier said.
NetSky.C first appeared late last night, said Patrick Hinojosa, chief technology officer at Panda Software Inc. in Glendale, Calif. By this morning, 3% of the users of Panda's online virus-checking service were infected, he said. "Three percent within one day is a pretty good clip, so this one looks like it's spreading a little bit faster than NetSky.B," he said.
The NetSky.C worm is very similar to its NetSky.B predecessor, but Version B uses different subject lines and searches for subdirectories with the word sharing instead of shar, Sundermeier said.
Another difference is that Version C causes the user's computer to play a sound when the infected file is launched. "It's kind of a computerish-type sound," said Hinojosa. "That's a sure sign when you get it."
NetSky.B also displays a Windows error message saying, "The file could not be opened," when it infects a computer, he said.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
