Symantec raises alert to level three…
Published: 30 March 2004 09:25 GMT
The severity rating of the latest incarnation of the NetSky worm has been raised by security firm Symantec.
NetSky.Q was upgraded from a level two to level three threat on the security company's five-point rating system. Symantec said it has received 379 reports of the worm since its discovery on Sunday.
"We see quite a few variations of any major threat," said Sharon Rockman, senior director of Symantec Security Response. "But what is unusual about this time is we are having so many level three upgrades with NetSky, MyDoom and Bagle...Usually, there is one [worm] that is very popular and one to three variants."
Two previous NetSky variants received an upgrade to level three for their wide distribution.
NetSky is a mass-mailing worm that uses a bogus sender address and continually changes its subject line and content. An email attachment usually carries an .exe, .pif, .scr or .zip file extension. The worm distributes itself to email addresses in a victim's hard drive and copies itself into shared folders via file-sharing programs.
Unlike its predecessors, NetSky.Q is scheduled to trigger a beeping alarm at 5:11am US time on Tuesday. This will occur only in infected computers that are operating at the time the alarm is set. NetSky.Q is also expected to release a denial-of-service attack between 8 April and 11 April on several websites, including those of eDonkey2000, Kazaa, eMule, Cracks.am and Cracks.st, according to Symantec.
The latest NetSky variant marks the second consecutive time the worm has been upgraded to a level three threat since the original author announced plans in early March to discontinue releasing variants. That announcement, part of NetSky.K, also noted that the worm's source code would be published, making it available for others to use.
Following the NetSky.K announcement, four other versions of NetSky were released, but those never exceeded a level two threat. Antivirus experts speculated that they were written by other authors who may not have had the same widespread distribution system as the original author had.
Security experts say it's difficult to ascertain whether the original author has stepped back into the game or new virus writers have become more proficient in developing a distribution system for their work.
"Once you release the source code, it's hard to tell if it's from a new author or the original writer," Rockman said.
Dawn Kawamoto writes for CNET News.com
They offer all their customers unbeatable technical support, with a team of experts on call to assist with product selection. High speed clock ...
Symantec Security Consultant / Engineer (Symantec SEP, SEE) required urgently for pivotal role within an award winning IT security company who are ...
IT Security Engineer / Network Security Consultant (Symantec SEP, SEE, SAV) Our client is an award winning single supplier of all IT security ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy