[virusinfo] New Netsky Variant -- No Attachment Needed
- From: "Mike" <mikebike@xxxxxxxxx>
- To: virusinfo@xxxxxxxxxxxxx
- Date: Thu, 15 Apr 2004 13:57:16 -0700
From; eSecurity Planet:
http://nl.internet.com/ct.html?rtr=on&s=1,uac,1,iop6,h5fa,1std,6jmd
New Netsky Variant Netsky-V -- No Attachment Needed
April 15, 2004
By Sharon Gaudin
Users don't even need to open an attachment to be infected with the latest
variant of the virulent Netsky virus.
Netsky-V, unlike its widespread siblings, spreads without using email
attachments. That means users can get hit with the virus just by opening a
tainted email.
''This makes me a little bit nervous because of the way it automatically
infects machines,'' says Patrick Hinojosa, CTO at Panda Software U.S., an
anti-virus and intrusion prevention company with U.S. headquarters in
Glendale, Calif. ''It doesn't require foolish end users to spread. And
anything that doesn't require user participation to work is bad news.''
Analysts note that a flood of worms and viruses have been plaguing corporate
networks over the last few months. And those infections have occurred
because users, despite being educated about the dangers of attachments, were
either negligent enough to click on an attachment or they were conned into
it. That leaves analysts worrying how bad a virus infection could get if a
user doesn't have to screw up to make it work.
''This is a problem,'' says Hinojosa. ''Smart user, not a smart user -- it
doesn't really matter. What matters here is if you have patched software.
These are the viruses that can spread pretty fast... How successfully it
spreads just depends on how well it was written.
''I'm just hoping this one wasn't written very well,'' adds Hinojosa.
So far, it's unclear how quickly this worm is spreading. Since it was just
released into the wild, the numbers on it aren't really in it.
This new V variant has malicious XML code hidden in the message body of the
email. When a user opens the email to read it, the code automatically seeks
out a known object validation vulnerability in Microsoft Corp.'s Outlook and
Internet Explorer software. The vulnerability allows the malicious code to
be trusted, installed and executed on the local system.
Once the computer is infected, the malicious code will install a backdoor
that listens to TCP ports 5556 and 5557. Netsky-V is designed to launch
denial-of-service attacks on several Web sites between April 22 and April
28. The sites to be attacked include kazaa.com; emule.de; cracks.am;
freemule.net, and keygen.us.
Ken Dunham, director of malicious code at iDefense, a security intelligence
firm based in Reston, Va., says Microsoft released information about the
vulnerability, along with a patch to correct it, early last October. If a
system has been patched, Netsky-V will not be able to infect the computer.
But Hinojosa says there are millions of computers that have not been
updated, so are vulnerable to the attack.
''There are millions of unpatched computers on the corporate side,'' says
Hinojosa. ''Most U.S. workers work for companies with fewer than 25
employees. They don't have a system administrator. And that's not counting
all the home users -- the millions of home users -- who haven't patched
their systems in the last several months. How fast this spreads depends only
on how well it was written.''
_____________________________________________
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance and OWTA Charter Member
Other related posts:
- » [virusinfo] New Netsky Variant -- No Attachment Needed
