Sophos, a world leader in protecting businesses against spam and viruses, is warning of a new variant of the Netsky worm called W32/Netsky-C. It has already received several reports of this worm spreading in the wild.
The worm spreads via email - forwarding itself to email addresses found on the hard drives of infected computers - and via file sharing networks such as Kazaa and the ICQ chat system.
When sent via email the worm uses a wide variety of filenames, subject lines and message bodies. But when spreading via file sharing networks the worm poses as a mixture of patches, music, hacks, cracks and pornography. Filenames which can be used by the worm include:
Teen Porn 16.jpg.pif
How to hack.doc.exe
Microsoft Office 2003 Crack.exe
Microsoft WinXP Crack.exe
The Sims 3 crack.exe
XXX hardcore pic.jpg.exe
"No-one deserves to be hit by a worm like Netsky-C - but computer users need to take some responsibility for the protection of their own data. Don't make it easy for the virus writers by being tempted into downloading and running programs which claim to be hacks, cracks and seedy porn," said Graham Cluley, senior technology consultant at Sophos. "Companies should ensure their anti-virus protection is up-to-date to prevent Netsky-C from spreading across their systems, and ensure all users are familiar with safe computing best practice."
Curiously, the Netsky-C worm contains the following text embedded in its code:
<-<- we are the skynet - you can't hide yourself! - we kill malware writers (they have no chance!) - [LaMeRz-->]MyDoom.F is a thief of our idea! - -< SkyNet AV vs. Malware >- ->->
Further information and protection against W32/Netsky-C
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.