Along with the appearance of the NetSky C worm in e-mails with the headline 'Question', 'Fwd: lol', 'Re: hey', security software companies are warning of the spread. Express variant of Mydoom virus with the ability to delete text and image files.
Like Netsky.B, the new variant invades the system if the user clicks on the attachment in the email. Steven Sundermeier, vice president of security at Central Command, said the virus uses very simple mail headers to entice recipients to open files. Once intruded, NetSky.C installed a mail client application on the victim's machine and began broadcasting new e-mail messages, using the addresses it had stolen from the PC itself.
The new variant targets users of file-sharing services. "If you find any directory that has the word" shar "in the name (unlike NetSky.B, which searches for" sharing "folders), it will list a very long list of file names. on the inside, aimed at supporting the cloning, "Sundermeier explained. "That allows viruses to attack through applications like Kazaa file sharing networks or some instant messaging programs."
The number of infected files has very different names such as "Adobe Photoshop 9 full.exe," Microsoft Office 2003 Crack.exe "and" Dark Angels.pif, "respectively.
According to Patrick Hinojosa, chief technology officer of antivirus software company Panda, NetSky.C first appeared on February 24. On Tuesday morning, 3% of users of the online virus-scanning service detected the infection. In one day, this rate was considered significant and showed a faster spread of the new variant than version B. Another difference of NetSky.C is that it causes the user's computer to emit The beeps beep every time an infected file is opened.
Meanwhile, security software firm F-Secure (Finland) has released a new version of the Mydoom worm. This virus is not only capable of denial of service attacks on the Microsoft and RIAA homepages, but also has the potential to ruin text and image files.
The variant, named Mydoom.F, is not as widely distributed as it was in previous versions, but is at risk of damage. Mikko Hyppönen, research director at F-Secure, said: "Mydoom.F sweeps back the victim system several times and gradually deletes the data." Viruses mainly target images and text in Word with extensions such as .jpg, .doc, and .xls.
Users are advised to upgrade their anti-virus tools immediately as all providers have new programs as soon as these variants appear. Mydoom.F is the latest version of the virus series of the same name raging for two months. Experts say it is the "work" of those who have already removed the source code of the virus from the Internet and not using the original virus code. "The first Mydoom virus was a product of spammers and they did not do anything to delete the file," Hyppönen said.
