[Tech] Netsky.B, altro worm virus per Windows

Secondo la definizione coniata da alcuni esperti di sicurezza, il nuovo virus è un "cluster bomb worm": può creare centinaia di copie di se stesso all'interno di una singola rete locale, una volta entrato.



Si propaga attraverso la posta elettronica, come ormai la quasi totalità dei virus, ma a differenza della maggior parte degli altri sfrutta, per auto-inviarsi in Rete, un proprio server SMTP (il protocollo utilizzato comunemente dai client di posta elettronica per inviare messaggi su Internet).

The Netsky.B worm is a mass-mailing worm that uses its own SMTP engine to send itself to the e-mail addresses it finds when scanning hard drives and mapped drives. It searches the drives for folder names containing "share" or "sharing," and then copies itself to those folders. The virus also attempts to deactivate the MyDoom.A and MyDoom.B viruses.



The worm presents a problem for businesses and consumers, because it is capable of spreading through peer-to-peer software. It also represents an emerging and troubling trend toward blended threats, which use more than one spreading mechanism.

Il virus, conosciuto anche come "Moodown", pare particolarmente orientato a sfruttare le funzionalità di condivisione in rete di Windows e i meccanismi di base dei network peer-to-peer:

Another distinguishing characteristic of Netsky, compared to other recent worms, is that it does not leave open the back door, said Jimmy Kuo a research fellow at McAfee AVERT, an arm of Network Associates. "The file-sharing mechanism is helping this virus spread rapidly."



As such, the virus is adding hundreds of files to each of the infected machines, and shows no signs of slowing down, Kuo told NewsFactor. He recommended that when users retrieve files they should scan them first, and/or make sure there are not multiple extensions in files received.



As of Thursday morning, Netsky.B was spreading in the wild, and Symantec raised the threat level associated with it from three to four (five is the highest). "I don't think this has reached its peak yet," Dunham said.



"The sharing mechanism could have a dramatic impact on networks," said Dunham. Some 100,000 Netsky.B interceptions have been made worldwide, he noted, although the number of infected machines is lower.

Le raccomandazioni sono le solite: mantenere aggiornato il proprio antivirus, evitare di aprire attachment sospetti e, ove applicabile, disabilitare tutti i servizi non necessari (Symantec fa l'esempio dei servizi FTP, Telnet e Web spesso attivati anche su singoli personal computer, anche in presenza di un mancato utilizzo).



Fonte: Yahoo! News.