Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances
wawadave Warrior Obsessed

Joined: 25 Jan 2004 Last Visit: 24 Jul 2009 Posts: 3448 Location: Illegitimus non carborundum
Posted: Tue Mar 02, 2004 9:57 am Post subject: Virus Authors Work Overtime; Netsky Spoils Weekend
Virus Authors Work Overtime; Netsky Spoils Weekend
By CXOtoday Staff
Mumbai, March 2, 2004
Virus writers have been busy over the last days, with two new variants of the Netsky worm and five new variants of the Bagle worm found since Friday the 27th of February. Out of these worms, Netsky.D, found on Monday, is spreading at an alarming rate.
The Netsky virus family consists of fairly simple Windows worms, which spread over email and multiply aggressively by sending infected PIF attachments throughout the network. A striking feature of the new Netsky.D worm is its unique program, which is scheduled to trigger a loop of random beeps from the PC speaker on Tuesday morning.
According to Mikko Hypponen, director of Anti-Virus research at F-Secure, "If Netsky.D continues spreading at these levels, it might go on to break the previous records set by Mydoom.A and Sobig.F."
Speaking to CXOtoday, Niraj Kaushik, country sales manager, Trend Micro India, said, "Due to the multiplying threats, we have released outbreak prevention policies for our customers. These measures will ensure that the worms will be screened even before a cure is released."
F-Secure raised Netsky.D to a ‘Radar Level 1’ alert yesterday, which is the highest alert level possible, and CA gave the worm a high rating of ‘pervasiveness’.
All the new Bagle variants known as Bagle.C, .D, .E, .F and .G were discovered on the Internet during the weekend. The original Bagle.A (also known as Beagle) is a Windows email worm that was first discovered on January 18th, 2004, and became globally widespread in just 24 hours.
All the five new versions of Bagle seem to be written by the same virus author. "It seems the writer is waging a virus war. Apparently he has been monitoring closely how quickly the Antivirus vendors have released detections, then made the necessary alterations to avoid detection and released new versions immediately," added Hypponen.
Bagle.F and .G have an interesting feature in them. Both of them send infected files inside ZIP archives encrypted with a password that is mentioned in the email message. The ZIP itself is variable, as the EXE inside has a random part in it. Most probably the virus tries in this way to bypass detection by gateway and server scanners, which might not be able to decrypt such archives.
In addition to this feature, Bagle.F uses deceiving icons for the infected attachments that look like folders, and thus may seem harmless to the end user.
A recording of the beep sound loop played by Netsky.D can be downloaded from F-Secure’s weblog, which is available here.
F-Secure has released free tools, which can be used to remove Bagle or Netsky from infected systems, and can be downloaded through the company’s Virus Information Center.
_________________ RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
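
An added example, not part of the post or the quoted article: a gateway-side check for the password-protected ZIP attachments the article describes for Bagle.F and .G. It relies on the fact that traditional ZIP encryption leaves each entry's name and its "encrypted" flag bit readable without the password; the function names, extension list and verdict strings are assumptions made for illustration.

```python
import io
import struct
import zipfile

RISKY_EXT = (".exe", ".pif", ".scr", ".com", ".bat", ".cmd")  # assumed policy list

def make_sample_zip(name, encrypted):
    """Constructed sample: one-entry ZIP, optionally marked as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, b"constructed placeholder bytes, not malware")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Set bit 0 of the general-purpose flags in the local header (offset 6)
        # and in the central directory header (offset 8). The data stays plain.
        cd = data.find(b"PK\x01\x02")
        for off in (6, cd + 8):
            flags, = struct.unpack_from("<H", data, off)
            struct.pack_into("<H", data, off, flags | 0x1)
    return bytes(data)

def scan_attachment(blob):
    """Return a policy verdict for one attachment without needing the password."""
    if not zipfile.is_zipfile(io.BytesIO(blob)):
        return "not-zip"
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        entries = zf.infolist()
    # Bit 0 of flag_bits marks an entry whose data is encrypted.
    encrypted = [e for e in entries if e.flag_bits & 0x1]
    risky = [e.filename for e in encrypted if e.filename.lower().endswith(RISKY_EXT)]
    if risky:
        return "quarantine: encrypted executable " + ", ".join(risky)
    if encrypted:
        return "hold: encrypted archive, contents cannot be scanned"
    return "scan-contents"

if __name__ == "__main__":
    for name, enc in (("document.exe", True), ("notes.txt", True), ("notes.txt", False)):
        print(name, enc, "->", scan_attachment(make_sample_zip(name, enc)))
```
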