|The Netsky worms are named after the Skynet
corporation from the movie The Terminator.
Sophos virus researchers are warning of a new strain of the
Netsky worm, W32/Netsky-R, which
launches denial-of-service attacks on peer-to-peer file sharing
sites, including Kazaa, as well as various sites offering software
The mass-mailing worm spreads via email to addresses harvested
from files found on local drives of infected PCs. It arrives with
the subject line 'Re:Document<random number>' and includes
the message text: 'Excuse me, the important document is attached,
Yours sincerely'. When the attached file 'Document <random
number>' is launched, Netsky-R attempts to launch a
denial-of-service attack against several websites and attempts to
delete a number of registry entries, including some related to the
Bagle family of worms.
Netsky-R is the latest variant to enter the war against the
Bagle worm - including an encrypted message attacking Bagle's
author and threatening further versions of the Netsky worm:
'Yes, true, you have understand it. Bagle is a shitty guy, he
opens a backdoor and he makes a lot of money. Netsky not, Netsky is
Skynet, a good software, Good guys behind it. Believe me, or not.
We will release thousands of our Skynet versions, as long as bagle
"The Netsky worms have been plaguing computer users for a couple
of months now, and people are starting to get pretty sick of the
petty squabbles between the Netsky authors and their virus writing
rivals," said Carole Theriault, security consultant, Sophos. "As
well as attacking websites and mass-mailing to harvested email
addresses, this latest version seems to have singled out someone
called 'Jena' for a personal attack, ensuring that the worm is
always sent to her Yahoo email address. Given the amount of email
generated to the web email account, it must have been rendered
useless by now, unless of course it is being used to track how far
the worm is spreading by the number of mails generated."
Sophos recommends that businesses ensure their anti-virus
protection is up-to-date and filter attachments which may contain
malicious code at the email gateway.