Spam-generating Netsky worm taking its toll

Published Mar 3, 2004

Share

The nasty bug that hit computers around the world this week is still generating millions of infected emails.

The Star was among South African firms forced, briefly, to shut down their email servers on Tuesday. Other companies were warning staff against any emails with attachments.

The Netsky.D worm crashed servers around the world on Monday, and many computer experts worried that it would out-proliferate the infamous Mydoom.A and Sobig.F worms. Fortunately it appears to be on the wane internationally.

In South Africa, the worm managed to send out 12 000 emails in just three hours from a single computer.

Where virus protection software was not sufficiently updated to prevent the infection, Netsky.D invaded in-boxes, sending out spam emails.

Gary Middleton, of Dimension Data, explained that because Netsky.D was a worm it didn't need a user to click on the file to start the multiple sending of emails.

"A virus needs some type of human interaction to get it going, a worm spreads itself automatically. It means you don't have to double click on the file, the worm comes in on its own and gets going," Middleton said.

Craig Geel, of Secure Data, said the worm comes through as an email with an attached programme information file (.pif) and a subject line.

He explained the titles varied and could be headed: "re: Your letter", "re: Your document", "re: Approved" etc, giving the user the impression that it is a response.

"It selects the first 50 names in your address book and automatically forwards them," Geel said. "But this isn't always the case. We had a customer whose machine sent 12 000 emails in three hours. That's all it's really doing - sending emails."

Neither Dimension Data or Secure Data were affected. Louis Lehmann, the director of IT security at Standard Bank, said their systems had not been affected by Netsky.D as the bank had sufficient virus protection systems in place.

He said Netsky.D was not expected to affect Internet banking in anyway: "We run daily scans against viruses, so our clients won't be affected."

He pointed out, however, that because Netsky.D sent spam emails to addresses in the user's email, it gave the impression that the worm was spread by big businesses when this was not the case.

Nedbank said it also had adequate virus protection software in place.

But the University of Witwatersrand was affected by the worm. One of the assistant directors of the institution's Computer Network Services, Rosa Kotsiovos, said they had been able to contain it.

"We have been hit and there are a lot of unnecessary emails hitting our network but it has not come to a grinding halt. We do have software in place to pick up viruses and let's say we've managed the situation."

Middleton explained the damage that Netsky.D caused by sending out large numbers of emails basically amounted to blocking networks and causing some servers to crash.

The programming of viruses and worms, he said, posed the greatest security threat to computer users.

Related Topics: