New NETSKY mutations appearing weekly

February saw a huge upsurge in virus activity. Before February
25, NETSKY.B was ranked the second most infectious virus according to the global
Virus Map published by the Trend Micro World Wide Virus Tracking Center (www.trendmicro.com/map/).
Then NETSKY.C appeared on February 25, and on March 2, the C variant climbed
to the number one spot on the list in under 24 hours, infecting a total of 23,300
computers and far outpacing NETSKY.B's 5,753 infected computers. Then, NETSKY.D
launched its attack on March 1, masquerading as a pif file. As with the two
previous versions, NETSKY.D was listed as a medium risk virus. Living up to
its name, the NetSky family is well on its way to infecting every computer
under the sky.
NetSky randomly selects an e-mail address from an infected
computer's address book and sends mass e-mails using that address as the sender's
name. If the selected e-mail address has been canceled or is unusable, the virus
will send out a delivery failure notification. The method employed is similar
to one used by the Klez virus, which distributed pornographic e-mails that appeared
to come from a respected religious organization.
Here are some common questions about NetSky.
Q: I have anti-virus software and a firewall installed.
Why is my computer still sending out infected e-mails?
A: NetSky randomly selects an e-mail address from an infected
computer's address list, and sends infected e-mail out using that e-mail address
as the sender. The e-mails were not really sent from your computer; your address
was merely used as a fake sender address.
Q: Why do new NETSKY mutations keep appearing? What should
we do to combat this virus?
A: TrendLabs noted: In a short three weeks' time,
nine variants of the NetSky virus have appeared. We suspect the authors of the
original NetSky continue to monitor the damage being done and intensify their
attacks. We do not discount the possibility of even more variants appearing.
Each new variant includes new e-mail subjects and content. From this, one can
see that the virus authors are persistently trying new ways of tricking users
into opening infected e-mail attachments.
Q: How does NetSky compare in complexity with network
viruses like Nimda?
A: NetSky is considered a medium complexity virus. It is
more complex than a simple virus written with a virus construction kit (like
Anna K), but not as complex as Nimda.
The major difference between NetSky and viruses like Nimda
is that, in addition to e-mail, NetSky can be spread using file-sharing software
like Kazaa. NetSky can copy itself to a Kazaa user's Shared folder, and when
other Kazaa users search for a specific string, the infected files will be downloaded.
Q: Does NetSky exploit operating system vulnerabilities?
A: NetSky does not exploit OS vulnerabilities.
Q: Then how can it spread so quickly?
A: It spreads because of users opening infected e-mail
The main perpetrators of the rapid spread of this virus
are computer users themselves, who open e-mail attachments containing the virus.
Because the authors intentionally alter e-mail subject lines, content and attachment
files with each new mutation, the average user has difficulty knowing which
files are unsafe.
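As an added illustration (not part of the original newsletter and not Trend Micro's tooling), here is a mail-gateway check that ignores the subject line and body, which change with every variant, and quarantines on attachment type instead. The sample messages are constructed, and every extension in the list other than .pif is this example's assumption.

```python
# Added example: quarantine by attachment type, ignoring subject and body text.
import email
from email import policy
from email.message import EmailMessage

# ".pif" is the type this article names; the other entries are assumptions
# of this example (types Windows runs directly), not taken from the article.
RISKY_EXTENSIONS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs"}


def risky_attachments(raw_message):
    """Return a list of (filename, reason) for attachments to quarantine."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue  # body text and multipart containers carry no filename
        # Windows ignores trailing dots and spaces, so normalise before testing.
        pieces = filename.strip().rstrip(". ").lower().split(".")
        ext = "." + pieces[-1].strip() if len(pieces) > 1 else ""
        if ext in RISKY_EXTENSIONS:
            # "document.txt.pif" shows as "document.txt" when extensions are hidden.
            reason = "double extension" if len(pieces) > 2 else "executable extension"
            findings.append((filename, reason))
    return findings


def build_sample(subject, filename):
    """Constructed test message; addresses, subject and payload are made up."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = "bob@example.com"
    m["Subject"] = subject
    m.set_content("Please see the attached file.")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subject, name in [("Re: your document", "document.txt.pif"),
                          ("Quarterly numbers", "report.pdf")]:
        print(subject, "->", risky_attachments(build_sample(subject, name)))
```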
Q: Why does NetSky delete registry entries from other
well-known viruses like MyDoom?
A: Actually, NetSky is not the first example of this. Many
major viruses today (e.g., Blast, CodeRed) include instructions to delete
registry entries of existing viruses. These viruses disable other viruses to
prevent any virus already on a computer from interfering with the malicious
processes of the new virus.
Identity theft awareness high, but consumer
A study released by RSA Security in March 2004 reveals
a wide gap between consumers' awareness of identity theft and their perceived
ability to protect against it. The same research showed that, despite heightened
concerns, the majority of consumers continue to use weak password management
practices that can greatly contribute to increased vulnerability to identity
"Although government, financial services institutions
and the security industry have taken great steps over the past year to increase
awareness of identity theft, and encourage better security practices among consumers,
organizations still need to go further if they want to see an increase in consumer
confidence toward online business," said John Worrall, vice president of
worldwide marketing at RSA Security. "Consumers must feel confident and
safe when making online transactions, otherwise, businesses will never realize
the cost savings and revenue potential of the Internet."
The study, conducted for the second year in a row by Opinion
Research Corporation, and commissioned by RSA Security, was initiated to compare
attitudes, perceptions and security practices of consumers today, to their opinions
one year ago. More than 1,000 consumers were asked a variety of questions relating
to awareness of security issues, feelings of safety, and use of available safeguards
against identity theft and computer attacks.
When asked the question, "How informed are you about
identity theft issues now when compared to a year ago," 63 percent of respondents
considered themselves "More Informed." However, of those in this category,
49 percent do not consider themselves any safer, and 26 percent consider themselves
more vulnerable than they did in 2003. Only 18 percent of respondents felt safer
this year than they did during the same period last year. Of that number, more
than half attributed the increase to their own personal safeguards, while fewer
than 30 percent cited security technology enhancements or changes in bank policies
Passwords a Key Area of Vulnerability
According to the survey, some vulnerability comes as a
result of poor management of PINs and passwords for access to online services,
desktop computer systems, ATMs and other electronic services. Nearly two in
three respondents (63 percent) use fewer than five passwords for all electronic
information access, and more than one in ten (15 percent) use only one password
"Consumers are under the false impression that passwords
provide enough security to protect personal information," said Worrall.
"Forward-looking organizations that have a large number of people accessing
electronic information, whether they are customers, employees or partners, are
recognizing that more reliable forms of authentication are critical for securing
important information, including personal information and corporate assets."
When asked the question, "Which of the following are
'Very Responsible' for protecting you against identity theft," 65 percent
listed themselves, 53 percent listed banks/financial institution, 29 percent
cited law enforcement, 27 percent named Federal government and 24 percent listed
merchants (more than one response was permitted).
The nine-question survey on consumer attitudes, perceptions
and security practices was conducted nationwide, by telephone, with 1,022 adults
from January 29-February 1, 2004 by Opinion Research Corporation. The margin
of error is plus or minus three percent for results based on the entire sample.