Print
Discuss
Send to friend
RSS feedsNew versions of the Netsky and Bagel worms have emerged in the wild, but neither infection seeks to rekindle the public spat that broke out last week between the rival virus authors.
Security experts reported that both the Netsky J and Bagel K mutant worms were spreading, but that the virus writers' slanging match appears to have ended.
The latest Bagel variant uses new social engineering techniques to persuade readers to open the password-protected zip file attachment.
The message warns that complaints have been made against the recipient for improper email use.
Carole Theriault, security consultant at Sophos said: "There is no progress in the war of words.
"There are still messages in Bagel K but they haven't changed which indicates they were just left in when this variant was created. The message is a nasty tactic as well; making people paranoid is never pleasant."
The virus generates a message claiming that a user's email account has been temporarily disabled because of 'unauthorised access' and urges them to open the attachment in order to reactivate the account.
The full body copy of the virus-generated email also attempts to make its recipient open the attachment by claiming that it will remove viruses that are present on the user's PC.
With the usual disregard for spelling and grammar, the virus text claims: "Your e-mail account has been temporary disabled because of unauthorized access.
"Our antivirus software has detected a large ammount of viruses outgoing from your email account, you may use our free anti-virus tool to clean up your computer software."
Once activated the worm collects email addresses and mails itself onwards using its own SMTP engine. It also listens at port 2745 and can download files remotely.
Bagel K is currently spreading more slowly than the other new variant Netsky J.
"The new Netsky is a medium range threat and we are not expecting it to blow up," said David Emm, product marketing manager at McAfee Security.
"This is a repackaged Netsky D: very similar but with a different 32-bit compression packer to get it past filters. We are not seeing any more messages but that does not mean it's all over."
The latest Netsky variant comes as an attachment to an email with a number of social engineering headers. After being executed, it harvests email addresses and mails itself out as a .pif attachment.
The worm also attempts to shut down any antivirus software in operation on the PC, and removes any Bagel worm infestation.
See also:
The latest wave of cyber-crimes and acts of vandalism have demonstrated once again that many systems are still vulnerable to attack. 15 Apr 2004
Sober variant employs latest social engineering technique 08 Mar 2004All Enterprise Security Technology
del.icio.us
Digg this
reddit!
