Why So Many Netsky Infections?

[John Coutts]

I can't ask our own customers because we filter all incoming mail, and to the
best of our knowledge, none have been infected by either Netsky or Bagle. But
that doesn't stop the flood of virus's coming in (74% Netsky - 26% Bagle). And
73% of these come from just 2 ISP's (Telus & Shaw), who seem unwilling or
unable to do anything to stem the flow (currently about 200/day).

I can understand how some people might be fooled by the Bagle virus, but the
Netsky virus is so obvious that I am having a difficult time understanding how
anyone could be naive enough to activate it. And yet, it is by far the most
prevalent.

Can someone shed some light on this?

J.A. Coutts

 

[mzlindyone]

I can't ask our own customers because we filter all incoming mail, and to the
best of our knowledge, none have been infected by either Netsky or Bagle. But
that doesn't stop the flood of virus's coming in (74% Netsky - 26% Bagle). And
73% of these come from just 2 ISP's (Telus & Shaw), who seem unwilling or
unable to do anything to stem the flow (currently about 200/day).

I can understand how some people might be fooled by the Bagle virus, but the
Netsky virus is so obvious that I am having a difficult time understanding how
anyone could be naive enough to activate it. And yet, it is by far the most
prevalent.

Can someone shed some light on this?

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
[this would be for Netsky.A, but you get the drift, I'm sure]
------------------------------
Searches drives C through Z for the folder names containing the words
"Share" or "Sharing." If the drive is not a CD-ROM, the worm copies
itself as the following:
doom2.doc.pif
sex sex sex sex.doc.exe
rfc compilation.doc.exe
dictionary.doc.exe
win longhorn.doc.exe
e.book.doc.exe
programming basics.doc.exe
how to hack.doc.exe
max payne 2.crack.exe
e-book.archive.doc.exe
virii.scr
nero.7.exe
eminem - lick my pussy.mp3.pif
cool screensaver.scr
serial.txt.exe
office_crack.exe
hardcore porn.jpg.exe
angels.pif
porno.scr
matrix.scr
photoshop 9 crack.exe
strippoker.exe
dolly_buster.jpg.pif
winxp_crack.exe

 

[John Coutts]

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
[this would be for Netsky.A, but you get the drift, I'm sure]
------------------------------
Searches drives C through Z for the folder names containing the words
"Share" or "Sharing." If the drive is not a CD-ROM, the worm copies
itself as the following:
doom2.doc.pif
sex sex sex sex.doc.exe ............

Carol

****************** REPLY SEPARATER *******************
But that still doesn't explain why so many people activate it. It is so obvious
that it is a virus.
---------------------------------------------------------------------
To: (e-mail address removed)
Subject: Re: Word file
Date: Fri, 19 Mar 2004 16:04:52 -0700
X-MSMail-Priority: Normal
X-pstnvirus: W32/Netsky.j@MM

Here is the file.

Attachment Converted: "c:\internet\euladmin\attach\Re Word file8"
---------------------------------------------------------------------

 

[John Coutts]

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
[this would be for Netsky.A, but you get the drift, I'm sure]
------------------------------
Searches drives C through Z for the folder names containing the words
"Share" or "Sharing." If the drive is not a CD-ROM, the worm copies
itself as the following:
doom2.doc.pif
sex sex sex sex.doc.exe ............

Carol

****************** REPLY SEPARATER *******************
I quess I was just trying to be polite, but let me be a little more blunt. How
can anyone be so stupid as to click on an attachment that is so obviously a
virus. They have not made any attempt to disguise it.
---------------------------------------------------------------------
To: (e-mail address removed)
Subject: Re: Word file
Date: Fri, 19 Mar 2004 16:04:52 -0700

Here is the file.

Attachment Converted: "c:\internet\euladmin\attach\Re Word file8"
---------------------------------------------------------------------

 

[wrangler]

I quess I was just trying to be polite, but let me be a little more blunt. How
can anyone be so stupid as to click on an attachment that is so obviously a
virus. They have not made any attempt to disguise it.

Well, my thoughts on the matter go something like this:

The correlation between the man in CompUSA or PCWorld (equivalent store here
in the UK) being sold the nice box by the sales guy who assures him it is
what he needed all along and the security minded individuals who participate
in this group is non existent.

PC sales are growing globally, and more and more people are online.. These
things don¹t target the savvy, they target anyone and everyone who happens
to have email.

At the end of the day, these people just don¹t know any better because they
are cosy in THEIR house in front of THEIR television opening THEIR email
which appears to be from THEIR friend on THEIR computer and the concept that
anyone could be sending them something which is not what it appears to be is
foreign to them... They trust THEIR computer... And don¹t fully understand
it, or the implications and responsibilities of owning it.

I agree its a pain, but until everyone is educated in such things (and
remembers) its not going to be changing for a while... The chances of that
happening... Nada.

Cheers,

..\/.artin

 

[Jan Il]

wrangler wrote:

wra-ign0rethis-ngler the-funny-"a"-with-the-loop aye vee research dot info
no spaces no dashes just that

Ahmmm.....any chance of fries and a coke with that? ;-)))

Jan

 

[Wrangler]

Ahmmm.....any chance of fries and a coke with that? ;-)))

Fish and chips maybe

..\/.artin

 

[Jan Il]

Fish and chips maybe

Why...of course. Long John Silver's...with hushpuppies. ;-)

Jan