NetSky.B Worm Gains More Traction

The mass-mailing e-mail worm, a more virulent variant of an earlier worm, is considered a medium-to-high threat as it trolls folders for e-mail targets.

A new mass-mailing worm, called NetSky.B, is spreading rapidly after beginning to make the rounds of e-mail inboxes on Tuesday.

NetSky.B is a variant of the NetSky.A worm identified earlier in the week, but is posing a greater risk of spreading and infecting machines, security vendors warned Wednesday. Symantec Corp. rated NetSky.B a Category 4 threat, its second-highest level, while Network Associates Inc. and F-Secure Corp. rated it as a medium threat.

NetSky.B is distributed through e-mails as a ZIP archive or an executable attachment. Once opened, the worm runs a file and then displays a fake error message that reads, "The file could not be opened!"

Once infecting a machine, the worm searches for e-mail addresses and scans hard drives and mapped drives, including drives C through Z, for folder names that contain the words "share" or "sharing." It then copies itself to those folders and, when an Internet connection is present, starts spreading through ZIP archives and other attachments to e-mail.

Symantec reports more than 1,000 infections and more than 10 sites. While the worm does not appear to be malicious by deleting files or crashing systems, it can degrade performance, security vendors report.

Network Associates in its security alert reports that NetSky.B attempts to deactivate the MyDoom.A and MyDoom.B viruses, which earlier this month overloaded e-mail inboxes worldwide and included payloads to trigger DoS (denial-of-service) attacks against the Web sites of the SCO Group Inc. and Microsoft Corp.

NetSky.B affects systems running Microsoft Windows 95 and higher. It does not affect systems running earlier versions of Windows or running Linux, Mac OS X or Unix, according to Symantec.

/zimages/3/28571.gifCheck out eWEEK.coms Security Center at security.eweek.com for security news, views and analysis.