Netsky Virus Poses As Porn
Security specialists are seeing the worm spread at a rapid pace throughout the world, although more attacks can be traced to the United States.
The worm spreads via email and forwards itself to email addresses found on the hard drives of infected computers, similar to the MyDoom virus that is so far is in its sixth incarnation.
Netsky also uses file-sharing networks like Kazaa and instant messaging system ICQ to spread itself through cyberspace, Sophos said.
Netsky.C hides its malicious code in plain sight, has its own e-mail engine, and does not require programs on infected computers to reach its next victims.
The Netsky virus has a line of embedded code that suggests the author's vanity has been tweaked by the MyDoom virus, which has taken the world by storm.
"We are the skynet - you can't hide yourself! - we kill malware writers (they have no chance!) - [LaMeRz-->]MyDoom.F is a thief of our idea!"
Sophos is warning users that the worm uses many different file names to disguise itself, including headers that suggest it contains porn content. Typical Netsky headers have been 'Porno Screensaver.scr' and 'Teen Porn 16.jpg.pif,' the security firm announced.
Additionally, when the virus spreads through file-sharing networks it poses as a security patch or music file, which account for its ability to spread rapidly. Targeting file-sharer hankering for free music downloads, the virus comes as 'Full album.mp3.pif.'
To appeal to users who are on the look out for hacker tips and trades, the virus labels itself: 'How to hack.doc.exe,' or 'Microsoft Office 2003 Crack.exe.'
"No-one deserves to be hit by a worm like Netsky-C, but computer users need to take some responsibility for the protection of their own data," said Graham Cluley, senior technology consultant at Sophos. "Don't make it easy for the virus writers by being tempted into downloading and running programs which claim to be hacks, cracks and seedy porn."