Virus warning: Netsky appears as Bagle spreads

Mass mailers amassing, beware the classic one-two...
Written by Will Sturgeon, Contributor

Antivirus vendors worldwide have updated their warnings regarding Bagle.B to the highest levels, as the variant outstrips the performance of its predecessor.

But it's the sucker punch that may be delivered by a new arrival on the horizon - Netsky - that could really hit networks hard while administrators are all distracted by the Bagle variant.

F-Secure, Sophos and MessageLabs all upgraded Bagle.B to their highest alert level overnight, after the worm started to spread yesterday.

MessageLabs has so far stopped 92,000 instances of Bagle.B across 66 different countries, after it was first detected in Poland.

But while admins are fighting to safeguard their networks against Bagle.B, they may be leaving themselves open to a far more serious threat in the shape of Netsky, which shows signs of spreading at a similar rate.

While Bagle.B has outperformed expectations based on the simplicity of its programming, Carole Theriault, a security consultant at Sophos, believes the mass-mailing Netsky poses a greater threat.

"Netsky has a variety of subject lines, message text and attachments, making it more like Klez or MyDoom," said Theriault. The virus attachment also has double extensions - which thinly disguise its actual nature. While this is hardly rocket science, it is still more deceptive than the obvious .exe extension.

The virus also copies itself to shared folders - often taking a file name of a sexual nature - meaning it poses a risk to users swapping pornography via peer-to-peer services and network shares.

"I'm actually surprised that people are still clicking on the Bagle virus despite all the media and press attention," said Theriault. "But the added complexity of Netsky means it may well still catch out a lot of people."

"I'd be very surprised if it doesn't turn out to be worse than [the first] Bagle," she warned.

As ever, the advice in both instances is simple. Do not open files that you cannot vouch for and don't necessarily trust an email just because it comes from a known contact.
