Your Peace of Mind is our Commitment

Contact Us English Recent Articles

Writer Arrested, but the Worms Live On

Although it has been three months since Sven Jaschan, the author of the Netsky worms, was arrested, the worms keep spreading. No new variants have been released but the existing ones are still haunting the wild.

According to MessageLabs statistics, W32/NetSky.P-mm has remained in first place and W32/Netsky.Z-mm in second or third place for many months. Many other variants have occasionally made it into MessageLabs Top Ten Virus Threats during July and August:

F-Secure also reports that Netsky variants are persistent and prevalent.

It is painful for network administrators to handle complaints from users who keep on receiving either emails containing NetSky variants or rejection emails from other email gateways that are incorrectly bouncing the infected messages to the forged sender's address. The volume of these wrongly directed warnings is even rivalling the spam clogging our in boxes.

Some advocate that email anti-virus gateways should not warn the sender when a virus is detected, but this contravenes the SMTP standard, and makes email even less reliable than now. Messages can simply disappear, with no clue as to their fate.

To combat the problem, email anti-virus gateways should be modified to return a rejection error code at the end of the DATA phase when they detect a virus, instead of generating a new message that gets sent to the (possibly forged) envelope sender address. Thus, the sending SMTP client is clearly informed that the message has not been accepted for delivery before the connection is closed.

While the Netsky variants and other similar mass-mailing worms are still in the wild, the headache continues.

More Information