Netsky.p Reaches Medium Threat
The latest variant of the Netsky virus was rated a medium threat Monday, and reportedly infected at least one large European company.
Netsky.p, the 16th variant of the Internet worm, takes advantage of a vulnerability in Microsoft Internet Explorer 5.01 or 5.5 without Service Pack 2. The variant is the first of the Netsky family capable of executing without the PC user clicking on an attachment, antivirus experts said.
Network Associates Inc. and Symantec Corp. have rated Netsky.p a medium risk.
Network Associates has received more than 100 reports of the worm from customers and virus-generated emails. A worm is a type of virus that opens a backdoor in a PC, making it possible for a hacker to take control of the machine to distribute spam, launch a denial of service attack, or steal passwords to Internet accounts.
Netsky.p infected at least one large European company, but it was confined to a few hundred machines.
"The company is as large as a Fortune 500 company in Europe," Vincent Gullotto, a virus expert at Network Associates, said. "It wasn't a widespread outbreak, and the company is still in operation."
Gullotto declined to name the company.
Netsky.p is troublesome because the virus can be executed without a PC user double-clicking on the attachment. For this to happen, however, the user must have the Microsoft Outlook e-mail client set to display e-mail written in HTML.
Code embedded in the document automatically executes the Zip file containing Netsky.p, which propagates itself by stealing e-mail addresses from the infected machine.
Virus experts, however, do not expect Netsky.p to become a major threat, primarily because it takes advantage of a vulnerability that Microsoft patched in 2001. Many PC users have either installed the patch or upgraded to Internet Explorer 6.0.
Netsky.p arrives in e-mails with these subject lines: stolen document, re: hello, mail delivery, private document, re: notify, re: document, re: extended mail system, re: protected mail system, re: question, private document, and postcard.
Netsky is one of the three most prevalent virus families on the Internet. The other two are Mydoom and Bagle.
This story courtesy of TechWeb News