On Friday, the latest variant of the pernicious Netsky worm, dubbed Netsky.w, was let loose on the Internet. Earlier this week, Netsky.v, a more dangerous variation, appeared.
Wednesday's Netsky.v takes a page out of Bagle's playbook by not loading its payload in a file attachment that users must open to become infected. Instead, it exploits a long-known vulnerability in Internet Explorer -- called the Object Data Remote Execution vulnerability -- that was first disclosed, and patched, back in October 2003.
Users of Outlook and Outlook Express who haven't applied the patch and who only read or preview the message can be infected by Netsky.v, warned numerous anti-virus firms.
The no-attachment tactic was last used by a March blitz of Bagle worms -- Bagle.q, Bagle.r, Bagle.s, and Bagle.t -- that one security analyst characterized as kicking the war of worms up a notch.
Netsky.v also shares characteristics with other recent variants, including opening a backdoor component that leaves the infected system at risk for additional attacks (in Netsky.v's case, TCP ports 5556 and 5557 are opened), and scheduling a denial-of-service (DoS) attack against peer-to-peer file-sharing Web sites such as kazaa.com, emule.de, and freemule.net. The DoS attacks are to start on April 22 and run through April 29.