New Netsky Mutant Preps DoS Attack

Anti-virus experts on Monday warned of a new strain of the Netsky virus that has been programmed to launch denial-of-service attacks on several file-sharing networks.

Netsky-R (W32/Netsky-R), the latest mutant of the pesky virus which started barreling through e-mail networks in early March, copies itself to an infected system’s Windows folder as an executable file. Once executed, the worm will attempt to launch a DoS attack against P2P sites between April 12 and 16.

The Kazaa file-sharing network is among those targeted.

According to Mass.-based anti-virus firm Sophos, the worm also attempts to delete a number of other registry entries, including some related to the W32/Bagle family of worms. This suggests a continued battle among virus writers, who have reportedly been swapping insults within the virus code.

The latest Netsky variant, which is a mass-mailer, spreads via e-mail to addresses harvested from files found on local drives of infected PCs. It arrives with the subject line ‘Re:Document’ and includes the message text: ‘Excuse me, the important document is attached, Yours sincerely’.

Symantec rates the mutant’s distribution as “medium” while MessageLabs maintains a “high risk” threat rating on all the Netsky variants. Since February this year, MessageLabs has stopped approximately 9 million copies of the virus in more than 200 countries.

According to statistics from Sophos, different versions of the Netsky worm accounted for almost 60 percent of all the virus submissions in March. Netsky-D, a strain which was first intercepted on March 1, was the most-reported virus and accounted for 30 percent of the virus reports.

In addition to the proliferation of Netsky mutants, IT admins are already battling against new variants of W32/Bagle, another “high risk” worm that comes with a backdoor component that listens on TCP port 6777 and lets an attacker execute arbitrary programs on infected systems.
