As the Netsky virus continues to make mischief, an antivirus product supplier wants email administrators to stop sending automatic virus alerts.
Now that the Netsky worm has thrown up its 28th variant, AB, at least one specialist on viruses and spam is questioning whether the worm has a more nefarious purpose than it seemed at first sight.
Organisation of an international conference by the Ministry of Health has been disrupted by the Netsky virus.
Although the virus has not breached the ministry’s mail system, an infected incoming message with a spoofed sender name has caused a storm of virus notifications between the MoH postmaster and a mailing list of potential attendees of the Conference on Priorities in Health Care.
Ministry technology head Warwick Sullivan says the incoming message purported to come from a MoH address set up as a collective address for the conference mailing list. When the ministry’s system detected the virus, it automatically expanded the collective address, sending a virus notification to the 1500 to 2000 names on the list. Responses to the virus warning were in turn copied to all the names on the list.
Sullivan says aside from MoH IT staff having to close off the ability to expand groups from outside the ministry, the virus hasn't affected the ministry's mail system, which typically handles tens of thousands of messages a day.
“This is the first time we’ve had Netsky hitting one of our collective addresses,” Sullivan says. The virus harvests addresses from any number of online sources, including email address books, web caches and Word documents.
Conference organiser Wendy Edgar says she was receiving about 200 messages a day at the peak of the exchange.
“Email is a wonderful tool and I just get so frustrated that there are people out there without a life who are prepared to do this sort of thing.”
Edgar says she was embarrassed to have been asked for explanations of the situation from US congressmen and message recipients in Europe.
“The most worrying thing is that it will put people off the conference.”
The event is set to take place in Wellington in November and among attendees will be Radio New Zealand health correspondent Rae Lamb, whose name is on the conference email list.
“Messages have been popping up for the past week,” says Lamb, “with the number building up and up.”
Computerworld has reported that Netsky is up to its 28th variant and that there was speculation that it existed for the purpose of address harvesting.
Garry Sexton, Asia-Pacific head of spam filter company Brightmail, suggested that Netsky’s collecting of email addresses may not be simply in the cause of further propagating itself. It may be harvesting the addresses for delivery to spammers.
The worm has no apparent damaging payload, yet its multiple variants have been created to avoid filters, presumably offering a payback to someone.
Anti-spam filtering giant Brightmail says figures released yesterday, which suggested that spam claiming to be from New Zealand was on the rise, are a result of increased virus activity, particularly the Netsky virus.