:: NORMAN :: Antivirus | Firewall

Proactive IT security

Home

News

Support

Partner

Select country

Select product

News » Press releases » 2004 » Norman Data Defense Systems alerts: The number of Internet worms is rapidly escalating

Norman Data Defense Systems alerts: The number of Internet worms is rapidly escalating

Add to My Norman Bookmarks

PRESS RELEASE
Oslo, 1 March 2004

Norman Data Defense Systems, specialists in the field of data security, today issued an alert against two new worms NetSky.D and E. These are the last in a series of worm incidents that currently spread at an alarming speed worldwide.

The following is a list of the most dangerous worms detected during the past seven days,

W32/Netsky.C
W32/BizIcq.A
W32/Bagle.C
W32/Bagle.D
W32/Bagle.E
W32/Bagle.F
W32/Netsky.D
W32/Netsky.E

In addition to these worms,the fast spreading worms MyDoom.F (21/2) and Netsky.B (18/2) have emerged. Of these, Mydoom.F is very destructive with a high payload using backdoor techniques, providing denial of service attacks, and deletion of files.

"We suspect that several virus authors - or factions of virus authors - are competing in creating the most successfully spreading worm. So far we see three different groups or persons, each responsible for their own worm family; NetSky, Bagle, and MyDoom. Text messages inside these worms points in this direction", says Snorre Fagerland, senior virus analyst at Norman Data Defense Systems. It seems like they are accusing each other of stealing ideas and code, in an attempt to achieve the highest number of copies spread on the Internet as fast as possible.

Examples of such text messages are:

Text string from NetSky.C
<-<- we are the skynet - you can’t hide yourself! - we kill malware writers (they have no chance!) - [LaMeRz-->]MyDoom.F is a thief of our idea! - -< SkyNet AV vs. Malware >

Text string from NetSky.D
"be aware! Skynet.cz - -->AntiHacker Crew<--"

Characteristics of the recent NetSky.D

(for information on Netsky.E please check our web pages)

Email subject: "Re: + "random text"
Email body start with: "random text"
Email attachment: "Randomly generated file name".pif

More information about this worm is available from Norman Data Defense System’s web site: http://www.norman.com.

Recommendations

Norman Data Defense Systems definitions files from Monday, 01 March 2004 have support for the worm.

Norman Data Defense Systems recommends corporate and home users to immediately update installed antivirus products with new definitions files that detect this threat.

We recommend users without protection to download and install an antivirus program immediately.

Contact information

Steinar Wigtil, Director of R&D, Norman Data Defense Systems ASA,
Telephone +47 67 10 97 00, mobile phone +47 41 53 97 29

Audun Lødmel, Marketing, Norman Data Defense Systems ASA,
Telephone +47 67 10 97 79, mobile phone +47 93 44 65 31

Security Information

>>	The Internet Crime Complaint Center's report for 2007
>>	2007

Security News and Advisories

>>	Three critical updates for Microsoft systems in June 2008
>>	Three critical updates for Microsoft systems in May 2008

Norman is one of the world’s leading companies within the field of data security. With products for antivirus (virus control), personal firewall, antispam and antiadware, the company plays an important role in the data industry.