Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Netsky Worms Just Keep On Coming

On Friday, the latest variant of the pernicious Netsky worm, dubbed Netsky.w, was let loose on the Internet. Earlier this week, Netsky.v, a more dangerous variation, appeared.

Wednesday's Netsky.v takes a page out of Bagle's playbook by not loading its payload in a file attachment that users must open to become infected. Instead, it exploits a long-known vulnerability in Internet Explorer -- called the Object Data Remote Execution vulnerability -- that was first disclosed, and patched, back in October 2003.

Users of Outlook and Outlook Express who haven't applied the patch and who only read or preview the message can be infected by Netsky.v, warned numerous anti-virus firms.

The no-attachment tactic was last used by a March blitz of Bagle worms -- Bagle.q, Bagle.r, Bagle.s, and Bagle.t -- that one security analysts characterized as kicking the war of worms up a notch.

Netsky.v also shares characteristics with other recent variants, including opening a backdoor component that leaves the infected system at risk for additional attacks (in Netsky.v's case, TCP ports 5556 and 5557 are opened), and scheduling a denial-of-service (DoS) attack against peer-to-peer file-sharing Web sites such as,, and The DoS attacks are to start on April 22 and run through April 29.

  • 1