Computer Associates Africa has urged South African users to take the necessary precautions against a new variant of the Netsky worm, Win32.Netsky.Q. The company`s eTrust Threat Analysis and Response Global Emergency Team (TARGET) is currently analysing this new variant.
Win32.Netsky.Q poses a medium risk and spreads through e-mail via a 28 008 byte Win32 executable.
Basically, the worm spoofs the "From" address of the message by either inserting one of the e-mail addresses that is harvested from the affected machine or using the address jena@yahoo.cz.
According to CA, the creators of recent worms like Netsky and Bagel - and their subsequent variants - rely on old techniques for trapping their prey. "The landscape is littered with history lesson on how to avoid being taken in as a carrier agent," comments Danny Ilic, business technologist (enterprise management and security) at Computer Associates Africa.
"Yet, users continue to open mysterious e-mails and attachments, therefore, furthering the spread of the worm. It is critical that users maintain vigilance and take a defensive posture against these attacks - authenticity of any e-mail is the right place to start."
For more information on Win32.Netsky.Q and the relevant patches, go to http://www3.ca.com/threatinfo/virusinfo/virus.aspx?id=38727.
Share
