22 Apr 2004

"We don't need no education" - Netsky-Z worm contains website attack payload, reports Sophos

The Netsky worms are named after the Skynet corporation from the movie The Terminator.

Researchers at Sophos are warning users of the latest variant of the prevalent Netsky worm, W32/Netsky-Z, which is spreading in the wild. The worm is capable of turning infected computers into launchpads for an attack designed to knock a number of websites off the internet.

Hidden inside the worm is a clock, ticking down until early May when it is designed to launch a distributed denial-of-service attack against three websites with an educational focus - www.educ.ch, www.medinfo.ufl.edu and www.nibis.de - based in Switzerland, USA, and Germany.

Two earlier spreading variants of Netsky (Netsky-X and Netsky-Y) have also scheduled attacks against the same websites, but these are programmed to cease at the end of April.

"It's anyone's guess why this virus writer is targeting these websites with a denial of service attack. Maybe he or she has a grudge against them," said Graham Cluley, senior technology consultant for Sophos. "Earlier strains of Netsky have focused on file sharing websites such as KaZaA. The different flavours of Netsky have dominated the virus landscape this year, and despite the similarities between several of the worms, computer users are still getting caught out. Everyone should ensure that their anti-virus software is updated and learn to treat all email attachments - even those which come with apparently innocuous subject lines - with caution."

Netsky-Z spreads via email, using the same subject lines as its predecessors, including 'Information', 'Document' and 'Important'. The worm arrives as an attached ZIP file with file names such as 'Bill.zip', 'Important.zip' and 'Details.zip'.

"It seems sadly inevitable that there will be future versions of the Netsky worm, and some people may wonder what we will call them now we have seemingly reached the end of the road with Netsky-Z. The simple answer is we start at the beginning of the alphabet again with Netsky-AA," continued Cluley.

Sophos recommends that companies ensure their systems are protected with the latest anti-virus updates. Sophos's anti-virus solutions can be automatically updated, ensuring the latest virus protection is in place against the latest threats even when your office is unmanned.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.