QODS ec

Saturday, June 05, 2004

VIRUS: NetSky still dominates virus hit parade

Globetechnology

NetSky still dominates virus hit parade

By JACK KAPICA
Globe and Mail Update

POSTED AT 9:53 AM EDT Friday, Jun 4, 2004

Its accused maker may be awaiting trial in Germany, but the NetSky virus is still dominating the virus hit parade in May.

Variants of NetSky occupy seven — or perhaps eight — of the "Dirty Dozen" top viruses compiled monthly by anti-virus experts at the Ohio-based computer security company Central Command.

The No. 1 virus on the list is Sasser, which accounted for almost half of all infections reported to Central Command. But the 18-year-old German accused of creating the NetSky virus has reportedly confessed to making Sasser too.

Already, NetSky's dominance is being threatened by a new worm, called Korgo. This week, security experts at Symantec upgraded Korgo (officially named W32.Korgo.F) from a Level 2 to a Level 3 threat after an increased number of submissions.

The highest threat rating given by Symantec is Level 4.

The Korgo worm attempts to propagate by exploiting a Microsoft Windows vulnerability publicly announced on April 13 called the LSASS Buffer Overrun Vulnerability. A blended threat — meaning it does several different tasks — Korgo affects computers running Windows 2000 and Windows XP operating systems, listening in on TCP ports 113 and 3067, potentially opening back doors on those ports.

In descending order of effectiveness, Central Command's Dirty Dozen are: Sasser (49.1 per cent); NetSky.P (16.1 per cent); NetSky.Z (5.4 per cent); NetSky.D.Dam (5.1 per cent); NetSky.Q (3.7 per cent); NetSky.C (2.8 per cent); NetSky.B (2 per cent); Bagle.AA (1.5 per cent); NetSky.A (1.1 per cent); Bagle.Z (0.7 per cent); MyDoom.F (0.4 per cent) and Sober.G (0.3 per cent).

Others accounted for 11.8 per cent of reported infections.

Major antivirus companies have published updates to their dictionaries of known infectors covering all these viruses, and urge users to download the new definitions as soon as possible.

"W32.Korgo.F includes backdoor functionality that could leave systems open to unauthorized access," said Symantec Security Response senior director Alfred Huger.

"This back door functionality could result in a loss of confidential data and may also compromise security settings. This threat is another strong example of why it is critical for computer users to be diligent in applying security patches, keeping virus definitions updated, and following best practices," he said.
