Netsky-P Biggest Threat of 2004 Most Prevalent Malware of the Year Winner Sharon Gaudin
After sitting atop most anti-virus charts for the past nine months, Netsky-P has earned the infamous title as the most prevalent malware of the year.
Central Command, an anti-virus company based in Medina, Ohio, reports that after nine months in the wild, Netsky-P still accounts for 28.93 percent of all the malware in circulation. The percentage is just down from its high of 30.71 percent reported in June, when the worm's author employed a new trick — disguising the bug as a Harry Potter game. However, December numbers show that it's slightly more prevalent than it was in October or November.
A variant of the highly damaging Netsky family, the worm ranks at or near the top on the charts of various anti-virus vendors. Central Command ranks Netsky-P as the most prolific and dangerous virus threat over the past month. But more notably, Central Command ranks Netsky-P as the most prevalent malware of the year.
This also was the year of the entire Netsky worm family, according to Graham Cluley, senior technology consultant at Sophos, Inc., an anti-virus and anti-spam company with its U.S. base in Lynnfield, Mass. The Netsky family rampaged through the wild this year, with 30 variants hitting the Internet since the family first appeared last February.
What makes the Netsky-P variant stand out is the fact that it has ranked at the top of nearly every Worst Virus List for the past nine months.
"This isn't completely unheard of," says Steve Sundermeier, a vice president at Central Command. "Klez-E held on to the top spot for seven or eight months ... But Netsky-P is a real nuisance. With this bug, the problem is clean up. Once you have the infection, it's memory resident, so you have to move infected machines off the network and get them cleaned before you get them back on. It's a huge nuisance factor."
Sundermeier also notes that there is some irony in the fact that the author of the Netsky family of worms created the malware to rid the world of the virulent Mydoom and Bagle worms. The Netsky author's bold move not only caused a 'worm war' that brought a flurry of malware onto the Internet this past winter and spring, he also ended up creating the most prevalent bug of the year.
"You can't just unleash a worm to try to get rid of other worms," Sundermeier adds. "Any time you run executable code without the user's consent, it's malicious. And in the process, he created the worst family of worms in the year. It wasn't uncommon to see the Netsky variants occupy seven out of the top 12 spots on the [Worst Virus Chart] all year."
A German teenager has been arrested for authoring Netsky and causing 50 percent of all virus incidents this past year.
The P variant spreads through email, as well as through network shares. Sundermeier points out that once the worm finds those shared files, it will drop a "whole laundry list" of added files into them.
Netsky-P also employs social engineering tricks.
The worm follows whatever text sits in the message body with a tag line that leads the reader to believe the email has been scanned by an anti-virus company and has been deemed safe. "It tags the email with a line saying 'No virus found,'" says Sundermeier. "It dupes people into opening it because they believe it has been cleared by an anti-virus company. It's tricky."
Back in June, Sophos reported that Netsky-P owed some of its continued 'success' to its ability to disguise itself as a Harry Potter computer game when spreading on file-sharing systems. With 'Harry Potter and the Prisoner of Azkaban' opening worldwide that month, Potter fans — eager to play the latest games — dropped their guard.
Netsky-P was first detected on March 22, 2004. It's a mass-mailing worm that spreads by emailing itself to addresses harvested from files on local drives. The worm copies itself to the Windows folder as FVProtect.exe.
