Sophos


1 March 2004

Netsky-D worm takes the PIF, Sophos reports on email virus

The Netsky worms are named after the Skynet corporation from the movie The Terminator.

Sophos researchers have warned users to be wary of a new email-aware worm, W32/Netsky-D, which is spreading via email disguised as a PIF file.

The Netsky-D worm arrives in an email using a variety of subject lines (including Re: Approved, Re: Details, Re: Document, Re: Your letter, Re: Your picture) and attached file names (including all_document.pif, application.pif, document.pif, your_letter.pif, your_product.pif).

"Many users who are wary of EXE, SCR and VBS files which arrive in their email may not realise that PIF files are equally capable of being malicious," said Graham Cluley, senior technology consultant for Sophos. "All users should be wary of any unsolicited email attachment which arrives in their inbox. Ideally, all businesses would proactively filter executable content at the gateway, so it cannot reach tempted users."

In a bizarre payload, the Netsky-D worm beeps sporadically if run on 2 March 2004 between 06:00 and 08:59. Sophos researchers have also discovered that the worm contains a secret message hidden inside its code: "be aware! Skynet.cz - -->AntiHacker Crew<--"

The Netsky-D worm contains a hidden section of text

Sophos recommends companies consider blocking all executable code at their email gateway. It is rarely necessary to allow users to receive programs via email from the outside world. There is so little to lose, and so much to gain, simply by blocking all emailed programs, regardless of whether they contain viruses or not.
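
The gateway policy recommended above, as an added Python example (not Sophos code and not a description of how PureMessage works): it flags attachments by the extensions named in this article and, going beyond the article, by the MZ header that Windows executables begin with. The function names, addresses and payload bytes are constructed for the example.

```python
import os
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions named in the article; a production deny-list would be longer.
BLOCKED_EXTENSIONS = {".pif", ".exe", ".scr", ".vbs"}


def executable_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for every MIME part a gateway should block."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    flagged = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        name = part.get_filename() or ""
        # Only the last extension decides how Windows opens the file, so
        # "picture.jpg.pif" is a PIF; Windows drops trailing dots and spaces.
        ext = os.path.splitext(name.strip().rstrip(". ").lower())[1]
        body = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXTENSIONS:
            flagged.append((name, "extension " + ext))
        elif name and body.startswith(b"MZ"):
            # Assumption beyond the article: catch renamed Windows executables.
            flagged.append((name, "MZ executable header"))
    return flagged


def build_sample(subject: str, filename: str, payload: bytes) -> bytes:
    """Build a constructed test message; all addresses are placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("Please see the attached file.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [("Re: Your letter", "your_letter.pif", b"constructed bytes"),
               ("Re: Document", "notes.txt", b"MZ constructed bytes"),
               ("Minutes", "minutes.txt", b"plain notes")]
    for subject, filename, payload in samples:
        verdict = executable_attachments(build_sample(subject, filename, payload))
        print(subject, "->", verdict or "deliver")
```

Matching on the final extension alone misses archives and renamed files, which is why the content check is included as a second test.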

Sophos is also warning users of five new variants of the Bagle worm, which were released over the weekend.

"It's March madness," continued Cluley. "To avoid being hit by one of these prevalent worms, users should be wary of any unsolicited email which arrives in their inbox. Businesses can add an extra layer of protection by proactively filtering out viruses at the gateway."

Sophos PureMessage can block unwanted code at the email gateway, helping to enforce a corporate email policy.
