NetSky.P Mass-Mailer Makes the Rounds
- By Scott Bekker
- March 25, 2004
Anti-virus firms are warning users about a dangerous new variant of the NetSky mass-mailing worm that is flooding inboxes worldwide.
NetSky.P gathers e-mail addresses from infected machines and uses its own SMTP engine to spread. In an ongoing battle among virus writers, the NetSky.P variant attempts to delete registry entries made by the MyDoom and Bagle worms, according to MessageLabs, a provider of managed e-mail security services.
MessageLabs reported that it had intercepted 3.8 million copies of NetSky.P as of mid-day Thursday. Most of the messages arrived after a March 24 trigger date within the code to begin mass-mailing activity. MessageLabs reported an infection ratio for NetSky.P of one in 33 e-mails.
One particularly clever touch on the part of the NetSky.P authors is a spoofed disclaimer at the bottom of the e-mail message. It reads, "No virus found," followed by the name and e-mail address of one of at least eight anti-virus companies, including Symantec, Panda Software, McAfee, MessageLabs and others.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.