New Netsky worms change their stripes
New versions of the Netsky worm may be the work of a different author
April 6, 2004 12:00 PM ETIDG News Service -
New versions of the Netsky e-mail worm are spreading on the Internet and may be the work of a different author than previous editions of that worm, according to antivirus software companies.
Netsky.S appeared yesterday, and Netsky.T was detected today. They are the 19th and 20th editions of an e-mail virus that first appeared in February. Unlike earlier variants, the new Netsky strains open "back doors" on machines they infect, prompting at least one antivirus expert to declare the worm the work of a different virus author.
Network Associates Inc.'s McAfee Antivirus Emergency Response Team (AVERT) rated Netsky.S a "medium" threat. The Santa Clara, Calif.-based company has received around 300 samples from customers and from virus-infected machines, said Craig Schmugar, virus research manager at McAfee AVERT.
The company has received only a few copies of the Netsky.T virus, he said. U.K.-based Sophos PLC said it received just one copy of the Netsky.T worm, according to an advisory.
Like its predecessors, the new Netsky variants target machines running versions of Microsoft Corp.'s Windows operating system. The viruses arrive as files enclosed in e-mail messages that have faked (or "spoofed") sender addresses and vague subjects such as "Re: My details," "Request" and "Thank You!" according to Cupertino, Calif.-based antivirus company Symantec Corp.
Earlier versions of the Netsky variant abstained from opening communications ports that could be used as back doors that remote attackers could use to gain access to compromised systems. They removed copies of the Bagle e-mail worm from infected machines.
Some antivirus experts believe that Netsky's attack on Bagle installations is behind a war of words between the Netsky author or authors and the creators of the Bagle virus family in recent weeks. The two groups have used new worm variants as vehicles for barbs and retorts to previous insults.
In those exchanges, Netsky's author or authors positioned themselves as the "good guys" locked in a battle with online criminals and spammers. One recent variant, Netsky.Q, even contained an impassioned defense of the Netsky worms.
"We don't have any criminal inspirations [sic]. Due to many reports, we do not have any backdoors included for spam relaying," read text hidden in Netsky.Q and transcribed by Sophos and other antivirus companies.
However, the latest Netsky variants abandon the high ground, opening a back door on TCP Port 6789 that could be used to receive instructions or malicious code from the worm author. A message in the new worm tries to make distinctions between opening a back door and installing a remote-access Trojan
Reprinted with permission from
Story copyright 2009 International Data Group. All rights reserved.
Viruses
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.
Eradicate Spam & Gain 100% Asurance of Clean Mailboxes
Get this paper now!
Effectively Implementing Datacenter Automation
Effectively select and deploy the best datacenter automation solution today!
Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!
Aligning IT to Business: The Rising Importance of Application Delivery Networks
Application Delivery Networking (ADN) will play a vital role in helping enterprises incorporate strategic technologies to achieve business initiatives.
Not Just Words: Enforce Your Email and Web Acceptable Usage Policies
Get this paper now!
Security Pathways to Less Complexity
Find pathways to security solutions, possibly peace of mind about your information security.
Mitigate Risk, Lower Costs and Improve Network Efficiency
Create a stable IP network that not only meets today's challenges, but is flexible enough to also meet future demands.
