Security news
Security news22 April 2004
"We don't need no education" - Netsky-Z worm contains website attack payload, reports Sophos
 |
| The Netsky worms are named after the Skynet corporation from the movie The Terminator. |
Researchers at Sophos are warning users of the latest variant of the prevalent Netsky worm, W32/Netsky-Z, which is spreading in the wild. The worm is capable of turning infected computers into launchpads for an attack designed to knock a number of websites off the internet.
Hidden inside the worm is a clock, ticking down until early May when it is designed to launch a distributed denial-of-service attack against three websites with an educational focus - www.educ.ch, www.medinfo.ufl.edu and www.nibis.de - based in Switzerland, USA, and Germany.
Two earlier spreading variants of Netsky (Netsky-X and Netsky-Y) have also scheduled attacks against the same websites, but these are programmed to cease at the end of April.
"It's anyone's guess why this virus writer is targeting these websites with a denial of service attack. Maybe he or she has a grudge against them," said Graham Cluley, senior technology consultant for Sophos. "Earlier strains of Netsky have focused on file sharing websites such as KaZaA. The different flavours of Netsky have dominated the virus landscape this year, and despite the similarities between several of the worms, computers users are still getting caught out. Everyone should ensure that their anti-virus software is updated and learn to treat all email attachments - even those which come with apparently innocuous subject lines - with caution."
Netsky-Z spreads via email, using the same subject lines, including 'Information', 'Document' and 'Important', as its predecessors. The worm arrives in a file with an attached ZIP file with file names such as 'Bill.zip', 'Important.zip' and 'Details.zip'.
"It seems sadly inevitable that there will be future versions of the Netsky worm, and some people may wonder what we will call them now we have seemingly reached the end of the road with Netsky-Z. The simple answer is we start at the beginning of the alphabet again with Netsky-AA," continued Cluley.
Sophos recommends that companies ensure their systems are protected with the latest anti-virus updates. Sophos's anti-virus solutions can be automatically updated, ensuring the latest virus protection is in place against the latest threats even when your office is unmanned.
