New NETSKY mutations appearing weekly

February saw a huge upsurge in virus activity. Before February 25, NETSKY.B was ranked the second most infectious virus according to the global Virus Map published by the Trend Micro World Wide Virus Tracking Center (www.trendmicro.com/map/). Then NETSKY.C appeared on February 25, and on March 2, the C variant climbed to the number one spot on the list in under 24 hours, infecting a sum of 23,300 computers and far outpacing NETSKY.B's 5,753 infected computers. Then, NETSKY.D launched its attack on March 1, masquerading as a pif file. As with the two previous versions, NETSKY.D was listed as a medium risk virus. Living up to its name, the NetSky family is well on its way to infecting “every computer under the sky.”

NetSky randomly selects an e-mail address from an infected computer's address book and sends mass e-mails using that address as the sender's name. If the selected e-mail address has been canceled or is unusable, the virus will send out a delivery failure notification. The method employed is similar to one used by the Klez virus, which distributed pornographic e-mails that appeared to come from a respected religious organization.

Here are some common questions about NetSky.

Q: I have anti-virus software and a firewall installed. Why is my computer still sending out infected e-mails?

A: NetSky randomly selects an e-mail address from an infected computer's address list, and sends infected e-mail out using that e-mail address as the sender. The e-mails were not really sent from your computer, your address was merely used as a fake sender address.

Q: Why do new NETSKY mutations keep appearing? What should we do to combat this virus?

A: TrendLabs noted: “In a short three weeks' time, nine variants of the NetSky virus have appeared. We suspect the authors of the original NetSky continue to monitor the damage being done and intensify their attacks. We do not discount the possibility of even more variants appearing.” Each new variant includes new e-mail subjects and content. From this, one can see that the virus authors are persistently trying new ways of tricking users into opening infected e-mail attachments.

Q: How does NetSky compare in complexity with network viruses like Nimda?

A: NetSky is considered a medium complexity virus. It is more complex than a simple virus written with a virus construction kit (like Anna K), but not as complex as Nimda.

The major difference between NetSky and viruses like Nimda is, in addition to e-mail, NetSky can be spread using file-sharing software like Kazaa. NetSky can copy itself to a Kazaa user's Shared folder, and when other Kazaa users search for a specific string, the infected files will be downloaded.

Q: Does NetSky exploit operating system vulnerabilities?

A: NetSky does not exploit OS vulnerabilities.

Q: Then how can it spread so quickly?

A: It spreads because of users opening infected e-mail attachments.

The main perpetrators of the rapid spread of this virus are computer users themselves, who open e-mail attachments containing the virus. Because the authors intentionally alter e-mail subject lines, content and attachment files with each new mutation, the average user has difficulty knowing which files are unsafe.

Q: Why does NetSky delete registry entries from other well-known viruses like MyDoom?

A: Actually, NetSky is not the first example of this. Many major viruses today (i.e., Blast, CodeRed, etc.) include instructions to delete registry entries of existing viruses. These viruses disable other viruses to prevent any virus already on a computer from interfering with the malicious processes of the new virus.

‘Identity theft awareness high, but consumer confidence low’

A study released by RSA Security in March 2004 reveals a wide gap between consumers' awareness of identity theft and their perceived ability to protect against it. The same research showed that, despite heightened concerns, the majority of consumers continue to use weak password management practices that can greatly contribute to increased vulnerability to identity theft.

“Although government, financial services institutions and the security industry have taken great steps over the past year to increase awareness of identity theft, and encourage better security practices among consumers, organizations still need to go further if they want to see an increase in consumer confidence toward online business,” said John Worrall, vice president of worldwide marketing at RSA Security, “Consumers must feel confident and safe when making online transactions, otherwise, businesses will never realize the cost savings and revenue potential of the Internet.”

Awareness

The study, conducted for the second year in a row by Opinion Research Corporation, and commissioned by RSA Security, was initiated to compare attitudes, perceptions and security practices of consumers today, to their opinions one year ago. More than 1,000 consumers were asked a variety of questions relating to awareness of security issues, feelings of safety, and use of available safeguards against identity theft and computer attacks.

When asked the question, “How informed are you about identity theft issues now when compared to a year ago,” 63 percent of respondents considered themselves “More Informed.” However, of those in this category, 49 percent do not consider themselves any safer, and 26 percent consider themselves more vulnerable than they did in 2003. Only 18 percent of respondents felt safer this year than they did during the same period last year. Of that number, more than half attributed the increase to their own personal safeguards, while fewer than 30 percent cited security technology enhancements or changes in bank policies and procedures.

Passwords a Key Area of Vulnerability

According to the survey, some vulnerability comes as a result of poor management of PINs and passwords for access to online services, desktop computer systems, ATMs and other electronic services. Nearly two in three respondents (63 percent) use fewer than five passwords for all electronic information access, and more than one in ten (15 percent) use only one password for everything.

“Consumers are under the false impression that passwords provide enough security to protect personal information,” said Worrall. “Forward-looking organizations that have a large number of people accessing electronic information, whether they are customers, employees or partners, are recognizing that more reliable forms of authentication are critical for securing important information, including personal information and corporate assets.”

When asked the question, “Which of the following are 'Very Responsible' for protecting you against identity theft,” 65 percent listed themselves, 53 percent listed banks/financial institution, 29 percent cited law enforcement, 27 percent named Federal government and 24 percent listed merchants (more than one response was permitted).

Survey Methodology

The nine-question survey on consumer attitudes, perceptions and security practices was conducted nationwide, by telephone, with 1,022 adults from January 29-February 1, 2004 by Opinion Research Corporation. The margin of error is plus or minus three percent for results based on the entire sample.