Why So Many Netsky Infections?

I can't ask our own customers because we filter all incoming mail, and to the
best of our knowledge, none have been infected by either Netsky or Bagle. But
that doesn't stop the flood of virus's coming in (74% Netsky - 26% Bagle). And
73% of these come from just 2 ISP's (Telus & Shaw), who seem unwilling or
unable to do anything to stem the flow (currently about 200/day).

I can understand how some people might be fooled by the Bagle virus, but the
Netsky virus is so obvious that I am having a difficult time understanding how
anyone could be naive enough to activate it. And yet, it is by far the most
prevalent.

Can someone shed some light on this?

J.A. Coutts

On Sat, 20 Mar 2004 16:13:11 -0000, administrator@spam.yellowhead.com
(John Coutts) wrote:

>I can't ask our own customers because we filter all incoming mail, and to the
>best of our knowledge, none have been infected by either Netsky or Bagle. But
>that doesn't stop the flood of virus's coming in (74% Netsky - 26% Bagle). And
>73% of these come from just 2 ISP's (Telus & Shaw), who seem unwilling or
>unable to do anything to stem the flow (currently about 200/day).
>
>I can understand how some people might be fooled by the Bagle virus, but the
>Netsky virus is so obvious that I am having a difficult time understanding how
>anyone could be naive enough to activate it. And yet, it is by far the most
>prevalent.
>
>Can someone shed some light on this?


http://securityresponse.symantec.co....netsky@mm.html
[this would be for Netsky.A, but you get the drift, I'm sure]
------------------------------
Searches drives C through Z for the folder names containing the words
"Share" or "Sharing." If the drive is not a CD-ROM, the worm copies
itself as the following:
doom2.doc.pif
sex sex sex sex.doc.exe
rfc compilation.doc.exe
dictionary.doc.exe
win longhorn.doc.exe
e.book.doc.exe
programming basics.doc.exe
how to hack.doc.exe
max payne 2.crack.exe
e-book.archive.doc.exe
virii.scr
nero.7.exe
eminem - lick my pussy.mp3.pif
cool screensaver.scr
serial.txt.exe
office_crack.exe
hardcore porn.jpg.exe
angels.pif
porno.scr
matrix.scr
photoshop 9 crack.exe
strippoker.exe
dolly_buster.jpg.pif
winxp_crack.exe
------------------------------



Carol

In article <4060a217.281685183@news.east.earthlink.net>, mzlindyone@aol.comx
says...
>
>http://securityresponse.symantec.co....netsky@mm.html
>[this would be for Netsky.A, but you get the drift, I'm sure]
>------------------------------
>Searches drives C through Z for the folder names containing the words
>"Share" or "Sharing." If the drive is not a CD-ROM, the worm copies
>itself as the following:
>doom2.doc.pif
>sex sex sex sex.doc.exe
............
>
>Carol
****************** REPLY SEPARATER *******************
But that still doesn't explain why so many people activate it. It is so obvious
that it is a virus.
---------------------------------------------------------------------
To: xxxxxx@yellowhead.com
Subject: Re: Word file
Date: Fri, 19 Mar 2004 16:04:52 -0700
X-MSMail-Priority: Normal
X-pstnvirus: W32/Netsky.j@MM

Here is the file.

Attachment Converted: "c:\internet\euladmin\attach\Re Word file8"
---------------------------------------------------------------------

In article <4060a217.281685183@news.east.earthlink.net>, mzlindyone@aol.comx
says...
>
>http://securityresponse.symantec.co....netsky@mm.html
>[this would be for Netsky.A, but you get the drift, I'm sure]
>------------------------------
>Searches drives C through Z for the folder names containing the words
>"Share" or "Sharing." If the drive is not a CD-ROM, the worm copies
>itself as the following:
>doom2.doc.pif
>sex sex sex sex.doc.exe
............
>
>Carol
****************** REPLY SEPARATER *******************
I quess I was just trying to be polite, but let me be a little more blunt. How
can anyone be so stupid as to click on an attachment that is so obviously a
virus. They have not made any attempt to disguise it.
---------------------------------------------------------------------
To: xxxxxx@yellowhead.com
Subject: Re: Word file
Date: Fri, 19 Mar 2004 16:04:52 -0700

Here is the file.

Attachment Converted: "c:\internet\euladmin\attach\Re Word file8"
---------------------------------------------------------------------

"John Coutts" <administrator@spam.yellowhead.com> wrote:

> I quess I was just trying to be polite, but let me be a little more blunt. How
> can anyone be so stupid as to click on an attachment that is so obviously a
> virus. They have not made any attempt to disguise it.

Well, my thoughts on the matter go something like this:

The correlation between the man in CompUSA or PCWorld (equivalent store here
in the UK) being sold the nice box by the sales guy who assures him it is
what he needed all along and the security minded individuals who participate
in this group is non existent.

PC sales are growing globally, and more and more people are online.. These
things donąt target the savvy, they target anyone and everyone who happens
to have email.

At the end of the day, these people just donąt know any better because they
are cosy in THEIR house in front of THEIR television opening THEIR email
which appears to be from THEIR friend on THEIR computer and the concept that
anyone could be sending them something which is not what it appears to be is
foreign to them... They trust THEIR computer... And donąt fully understand
it, or the implications and responsibilities of owning it.

I agree its a pain, but until everyone is educated in such things (and
remembers) its not going to be changing for a while... The chances of that
happening... Nada.

Cheers,

..\/.artin

---
wra-ign0rethis-ngler the-funny-"a"-with-the-loop aye vee research dot info
no spaces no dashes just that

wrangler wrote:
<wrangler@nowhere.com> wrote in message news:BC826650.22A9%

<snip other>

> wra-ign0rethis-ngler the-funny-"a"-with-the-loop aye vee research dot info
> no spaces no dashes just that

Ahmmm.....any chance of fries and a coke with that? ;-)))

Jan

"Jan Il" <abuse@localhost.com> wrote:
>
>> wra-ign0rethis-ngler the-funny-"a"-with-the-loop aye vee research dot info
>> no spaces no dashes just that
>
> Ahmmm.....any chance of fries and a coke with that? ;-)))

Fish and chips maybe

..\/.artin


---
wra-ign0rethis-ngler the-funny-"a"-with-the-loop aye vee research dot info
no spaces no dashes just that

"Wrangler" <wrangler@nowhere.com> wrote in message
news:BC826EE9.2356%wrangler@nowhere.com...
> "Jan Il" <abuse@localhost.com> wrote:
> >
> >> wra-ign0rethis-ngler the-funny-"a"-with-the-loop aye vee research dot
info
> >> no spaces no dashes just that
> >
> > Ahmmm.....any chance of fries and a coke with that? ;-)))
>
> Fish and chips maybe

Why...of course. Long John Silver's...with hushpuppies. ;-)

Jan