The Web    Google
Netsky-P a Year Old and Going Strong

Netsky-P a Year Old and Going Strong
March 4, 2005
After a year in the wild, the Netsky-P worm retains its tight grip on the list of Most Malicious Malware in the wild.

The worm finally let go of the top spot a few months back, but now sits firmly in second place, accounting for 22.3 percent of all malware in the wild, according to reports from Sophos, Inc., an anti-virus and anti-spam company with a U.S. base in Lynnfield, Mass.

Netsky-P was first discovered in March of 2004.

What makes Netsky-P stand out is the fact that it's ranked at the top of nearly every Worst Virus List for the past twelve months.

A variant of the highly damaging Netsky family, the worm has ranked at or near the top on the charts of various anti-virus vendors. Central Command, an anti-virus vendor out of Medina, Ohio, ranks Netsky-P in its Top Five list. More notably, Central Command ranked Netsky-P as the most prevalent malware of 2004.

This also was the year of the entire Netsky worm family, according to Graham Cluley, senior technology consultant at Sophos. The Netsky family rampaged through the wild this year, with 30 variants hitting the Internet since the family first appeared in February of 2004.

The P variant spreads through email, as well as through network shares. Sundermeier points out that once the worm finds those shared files, it will drop a ''whole laundry list'' of added files into them.

Netsky-P also employs social engineering tricks. The worm follows whatever text that sits in the message body with a tag line that leads the reader to believe the email has been scanned by an anti-virus company and has been deemed safe.

The malware is a mass-mailing worm which spreads by emailing itself to addresses harvested from files on local drives. The worm copies itself to the Windows folder as FVProtect.exe.

  • Visa is monitoring merchants for security compliance
  • Netsky-D Ranked as High Risk
  • WiFi Security Concerns Easing
  • 4/8: Mytob-S Worm Continues to Flourish
  • Critical Flaws Flagged in Mozilla, Thunderbird
  • 2/21: MyDoom-BC an Email Worm for Windows
  • 5/6: Bakaver.A Infects Portable Drives
  • A Password Policy Primer
  • 11/9: Rbot-PG Worm also a Trojan
  • 4/7: Rbot-AAF Worm Hits Network Shares
  • 10/21: Rbot-NG Worm Spreads Remotely
  • Security Camera Related Information