By James Pearce, 24 February 2004 09:30
NEWS Email inboxes are being swamped as Netsky.B continues to increase its infection rate.
The worm first appeared on 17 February and appears to have originated in the Netherlands. Email management company MessageLabs claims to have stopped more than 1.3 million emails since the virus started spreading, and believes the infection rate is increasing rapidly. Symantec has rated the worm as severe. This means the worm is a dangerous threat and is difficult to contain. The worm does require the user to open the attachment that comes with the email.
"These days it's less to do with technology, with the code of the virus, and more to do with social engineering," David Banes of MessageLabs told silicon.com's sister site ZDNet Australia.
Netsky.B scans the hard drives and shared drives of an infected computer for email addresses and then uses its own SMTP engine to mail itself to those addresses. The worm also searches for folder names containing "share" or "sharing" and copies itself to those folders using a variety of file names.
The worm appears in the inbox using a spoofed "from" address and a subject line chosen from one of the following: hi, hello, read it immediately, something for you, warning, information, stolen, fake, unknown.
The body of the email contains a variety of messages, and the attachment will normally have a double-file name or be a zip file. When the file is opened, it displays the message "The file could not be opened!" before going to work. In the last 24 hours, MessageLabs has stopped more than 10 times as many Netsky.B worms as MyDoom worms. Symantec has a removal tool here.
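The traits described above (one of the listed subject lines combined with a double-extension or zip attachment) can be expressed as a mail-gateway triage check. This is an added example, not code from the article, MessageLabs or Symantec; the extension lists, the reading of "double-file name" as a double file extension, and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Subject lines listed in the article.
NETSKY_B_SUBJECTS = {"hi", "hello", "read it immediately", "something for you",
                     "warning", "information", "stolen", "fake", "unknown"}

# Assumption: a decoy document extension followed by an executable one,
# e.g. "report.doc.pif". Both extension lists are illustrative, not from the article.
DOUBLE_EXT = re.compile(r"\.(doc|txt|rtf|htm|jpg)\.(exe|pif|scr|com|bat)$", re.I)

def score_message(raw):
    """Return the reasons a raw RFC 5322 message matches the article's description."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    subject = str(msg["Subject"] or "").strip().lower()
    if subject in NETSKY_B_SUBJECTS:
        reasons.append("subject:" + subject)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        if DOUBLE_EXT.search(name):
            reasons.append("double-extension:" + name)
        elif name.lower().endswith(".zip"):
            reasons.append("zip:" + name)
    return reasons

def should_quarantine(raw):
    """Quarantine only when a listed subject AND a suspicious attachment coincide;
    a subject such as "hi" on its own is far too common to act on."""
    reasons = score_message(raw)
    has_subject = any(r.startswith("subject:") for r in reasons)
    return has_subject and len(reasons) > 1

def build_sample(subject, filename=None):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("constructed body")
    if filename:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, att in [("Hello", "report.doc.pif"), ("stolen", "data.zip"),
                      ("hi", None), ("Quarterly numbers", "budget.zip")]:
        raw = build_sample(subj, att)
        print(subj, att, should_quarantine(raw), score_message(raw))
```

Because the "from" address is spoofed, the check deliberately ignores the sender and keys only on subject and attachment name.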
James Pearce writes for ZDNet Australia.


Comments
There is 1 comment.
1. Jurie Gomonan
Our internet cafe is severely affected by this worm and I reformatted 12 computers to stop students from complaining that their thesis and all their documents can't be opened. Almost all the cafes here are affected too. Up to this moment I'm still formatting the last unit infected by this virus. Waaaaaaaaaaaaaaaa