Half of Australian virus infections attributed to Netsky

Variants of the Netsky worm account for almost half of all malware infections in Australia, according to Trend Micro's January 2005 Virus Roundup.

Netsky, which has not triggered a major virus alert since the middle of last year, is a mass mailing worm that uses clever social engineering techniques to fool users into opening its attachments. The worm can also take advantage of an old vulnerability in Microsoft's Internet Explorer browser.

Mark Sinclair, technical services manager at Trend Micro Australia and New Zealand, said that although January 2005 was relatively peaceful in terms of virus infections, the company still recorded 2,236 malware programs, which is a 500 percent increase when compared to January last year. Despite this massive increase, he said Netsky was still causing the most problems.

"Netsky still dominates Australian infections for January 2005. The key to its success is its use of social engineering techniques, which lowers the user's vigilance. Netsky.P chooses from hundreds of possible subject lines and message bodies while also falsely stating that the e-mail has been scanned by antivirus software," said Sinclair.

Additionally, Sinclair said that Netsky is difficult to guard against on unpatched PCs.

"Netsky.P possesses one attribute that makes it difficult to guard against - it exploits an IE vulnerability (MS01-020) that was announced three years ago, which allows the automatic execution of e-mail attachments when an email message is read or even just previewed," he said.

Sean Richmond, senior technical consultant at Sophos in Australia and New Zealand, which also released its virus report for January, said he was disappointed that the majority of malware infections over the past month could be dealt with using up-to-date security software.

"It is disappointing to note that January's top-ten entries have all been stoppable for at least six weeks. While most of the entries are more than six months old they are still polluting the email streams of thousands of internet users," said Richmond.

Richmond said that one in every 23 e-mails circulating in January contained a virus, so users should consider making another new year's resolution.

"Something along the lines of 'I will not double-click on random executable attachments'," said Richmond.

Talkback 2 comments

    Anonymous -- 02/02/05

    You don't need to click on a link to be infected now. Netsky Betsky!

    The Australian Financial Review - Page: 53 : 11-Aug-2004
    Original article by Rachel Lebihan
    "An Australian computer software specialist predicts a new breed of virus is likely. Nigel Phair, the team leader of investigations at the Australian High Tech Crime Centre, told a Sydney IT security conference on 10 August 2004 that computer users will not even have to open a "phishing" email to activate its course of destruction. He said the contamination will be triggered when the message is viewed in the preview panel of an email program."

    Firm claims auto-phishing emails discovered: Just open them and you're done for

    By INQUIRER staff: Wednesday 03 November 2004, 13:23
    Supplied by Reuters
    "MESSAGE LABS said it has intercepted emails which auto-capture bank details when they're opened. It says it intercepted several emails at the end of October targeting three Brazilian banks, but the technique may be used for other banks. Usually, "phishing" emails work by masquerading as legitimate emails from banks and other online services.

    But one way of protecting yourself from these auto-phishing attacks is to disable Windows scripting, Message Labs notes.

    The mails work by running a script which attempts to rewrite host files of the machine that it's targeting. The next time you attempt to log into an Internet site, you are automatically re-directed to a fraudulent one, allowing your login details to be appropriated."

    So keep reading your emails in the safe knowledge that Trend Micro has no idea of the latest sophisticated methods of attack.

    You are not protected from auto-downloads, which may have resulted from a hack of the third party advertising tracking cookie with additional JavaScript. Some researchers recommended turning off preview panes late last year. I recommend using Process Guard in addition to Anti-Virus, Anti-Spyware and a Firewall, to prevent critical files being interfered with. A Registry Manager is useful for Experts only.

    Anonymous -- 02/02/05

    I don't know how it got into my system, that's if it did, but fortunately my Anti Virus (AVG) picked it up and dealt with it. Paul Bovis
