Netsky Worms Just Keep On Coming

On Friday, the latest variant of the pernicious Netsky worm, dubbed Netsky.w, was let loose on the Internet. Earlier this week, Netsky.v, a more dangerous variation, appeared.

April 16, 2004

2 Min Read
NetworkComputing logo in a gray background | NetworkComputing

On Friday, the latest variant of the pernicious Netsky worm, dubbed Netsky.w, was let loose on the Internet. Earlier this week, Netsky.v, a more dangerous variation, appeared.

Wednesday's Netsky.v takes a page out of Bagle's playbook by not loading its payload in a file attachment that users must open to become infected. Instead, it exploits a long-known vulnerability in Internet Explorer -- called the Object Data Remote Execution vulnerability -- that was first disclosed, and patched, back in October 2003.

Users of Outlook and Outlook Express who haven't applied the patch and who only read or preview the message can be infected by Netsky.v, warned numerous anti-virus firms.

The no-attachment tactic was last used by a March blitz of Bagle worms -- Bagle.q, Bagle.r, Bagle.s, and Bagle.t -- that one security analysts characterized as kicking the war of worms up a notch.

Netsky.v also shares characteristics with other recent variants, including opening a backdoor component that leaves the infected system at risk for additional attacks (in Netsky.v's case, TCP ports 5556 and 5557 are opened), and scheduling a denial-of-service (DoS) attack against peer-to-peer file-sharing Web sites such as kazaa.com, emule.de, and freemule.net. The DoS attacks are to start on April 22 and run through April 29.This variant also includes embedded text in its code, said anti-virus vendor Panda Software, a trait of many in the Netsky and Bagle families. "Now we are presenting our new AntiHacker Engine - SkyNet Team," the text reads.

The patch for the IE vulnerability to stymie Netsky.v's tactic is available here for versions 5.01, 5.5, 6.0, and 6.0 for Windows Server 2003 of the Microsoft Web browser.

Netsky.w, which was discovered Friday, is a more traditional Netsky worm, in that it includes a file attachment -- the attachment can sport .exe, .pif, .scr, or .zip extensions -- and deletes versions of the MyDoom, Mimail, and Bagle worms it finds on the compromised machine.

Both Netsky.v and Netsky.w are currently tagged as relatively low threats by anti-virus firms.

Read more about:

2004
SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
Sign-Up

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Enterprises investing in new infrastructure to support AI will have to choose between InfiniBand and Ethernet
Enterprise Connectivity
The Impact of AI on The Ethernet Switch MarketThe Impact of AI on The Ethernet Switch Market
byPam Baker, Contributing Writer
Sep 16, 2024
5 Min Read
Blue and purple digital cloud connecting apps and services with campus NaaS.
NaaS
Campus NaaS: Remaking the Campus NetworkCampus NaaS: Remaking the Campus Network
bySalvatore Salamone, Managing Editor, Network Computing
Jul 31, 2024
4 Min Read
DPUs are extensively used to accelerate AI and ML workloads by offloading tasks such as neural network inference and training from CPUs and GPUs.
Network Infrastructure
Harnessing DPUs & How DPUs are Changing Data CentersHarnessing DPUs & How DPUs are Changing Data Centers
byBob Wallace, Featured Writer
Jul 30, 2024
10 Min Read
Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports
Live Events
More Live Events