Anti-virus software companies are warning that a new version of the NetSky e-mail worm is circulating on the Internet, only a day after the appearance of a new variant of the Beagle or "Bagle" worm prompted similar warnings.
NetSky.B, also known as Moodown.B, first appeared on Wednesday and is spreading through infected e-mail messages and shared network folders. Once installed, NetSky tries to disable anti-virus software, steal e-mail addresses and copy itself to shared network folders, anti-virus companies said.
The new worm is a modified version of NetSky.A, which appeared on Monday. Like its predecessor, NetSky.B arrives in e-mail messages that have randomly generated subject lines such as "something for you," "hello" or "fake." The worm file is contained in a zipped attachment that also has a randomly generated name and file type such as "document," "stuff" or "party." File attachments with an .exe, .scr or .pif extension are also common, said anti-virus company TruSecure Corp.
Network Associates is receiving between 40 and 50 copies of the worm each hour, both from customers and worm-generated e-mail, according to a company spokeswoman. Most copies of the worm appear to be coming from the Netherlands and elsewhere in Europe, said NAI, TruSecure and others.
Anti-virus companies released updated virus definition files to spot the new version of NetSky and advised customers to update their software as soon as possible. The new worm outbreak follows a similar infestation on Tuesday, when a new version of the Beagle (or "Bagle") worm surfaced and began spreading rapidly.
The sudden appearance of virus-laden e-mail messages may be evidence of a virus spreading, or of a massive "seeding" of a new virus using spam e-mail messages, experts said. A similar seeding was behind the sudden appearance of NetSky.A on Monday, said anti-virus company F-Secure.