Netsky-P a Year Old and Going Strong

March 4, 2005
After a year in the wild, the Netsky-P worm retains its tight grip on the list of Most Malicious Malware in the wild.

The worm finally let go of the top spot a few months back, but now sits firmly in second place, accounting for 22.3 percent of all malware in the wild, according to reports from Sophos, Inc., an anti-virus and anti-spam company with a U.S. base in Lynnfield, Mass.

Netsky-P was first discovered in March of 2004.

What makes Netsky-P stand out is that it has ranked at the top of nearly every Worst Virus List for the past twelve months.

A variant of the highly damaging Netsky family, the worm has ranked at or near the top on the charts of various anti-virus vendors. Central Command, an anti-virus vendor out of Medina, Ohio, ranks Netsky-P in its Top Five list. More notably, Central Command ranked Netsky-P as the most prevalent malware of 2004.

This also was the year of the entire Netsky worm family, according to Graham Cluley, senior technology consultant at Sophos. The Netsky family rampaged through the wild this year, with 30 variants hitting the Internet since the family first appeared in February of 2004.

The P variant spreads through email, as well as through network shares. Sundermeier points out that once the worm finds those shared files, it will drop a "whole laundry list" of added files into them.

Netsky-P also employs social engineering tricks. The worm follows whatever text sits in the message body with a tag line that leads the reader to believe the email has been scanned by an anti-virus company and has been deemed safe.

The malware is a mass-mailing worm which spreads by emailing itself to addresses harvested from files on local drives. The worm copies itself to the Windows folder as FVProtect.exe.
