By David Radin First Published April 8, 2004, 12:00am Are they modern day saviors? That seems to be what they want us to believe. Recent virus writers, those who have created the Bagle and Netsky series of worms, have been locked in battle, erasing one another's handiwork. Until now.
Most Netsky variants appear to be white knights, ridding users of other infectious worms. If your computer is infected by Netsky, the worm will search your system for other worms, including several variants of Bagle, MyDoom and MyMail, three of the most widely spread worms released in the last 12 months.
It attempts to launch a denial -of-service attack against various Web sites, including file sharing service KaZaA. And, on certain dates, it emits a sound -- a series of beeps that might make you think of the way they portrayed early computers in movies (before we all had PCs or Macs).
Then it will search your computer for e-mail addresses and send itself out to infect the owners of those addresses. Unlike earlier worms, it looks for the addresses in word documents, spreadsheets, Web pages and PowerPoint presentations, in addition to those in your address book.
In essence, it is infiltrating your entire sphere of influence. Yet, it skips over any address that it thinks might report it to an antivirus company or ISP.
The Q variant of Netsky also includes a little note that you won't see, which states explicitly that the writers "don't have any criminal inspirations" (nor aspirations, I would guess), that they haven't included any back doors to relay spam, and that they "want to prevent hacker, cracking, sharing with illegal stuff and similar content."
It also suggests that its creators don't like big companies making lots of money -- perhaps a not-so-subtle jab at Microsoft and the big anti-virus companies.
Reading between the lines, the writer wants you to think he is protecting you from viruses for the good of the cause. That's nonsense.
"There are enough free solutions out there that viruses don't have to be fixed that way" says Alan Wallace, vice president of corporate communications for Panda Software USA, the anti-virus company. "It seems more like gang warfare between virus writers."
The most recent, and more threatening variant of Netsky (Netsky.T) seems to have been written by a different person from the previous versions.
This one does open a back door for spam. It doesn't give itself away by launching a sound.
And it doesn't have a personal note explaining the writer's alleged motives, as in the previous versions. Nor does it try to erase Bagle or the other worms.
Most of the anti-virus software companies offer specialty tools for free on their Web sites to remove individual variants of Netsky.
Wallace says they're good, but suggests that it is just as easy to run a scan for all known viruses as it is to run a scan for a single virus.
His company even offers a free online scan at www.pandasoftware.com. If you don't have anti-virus software, this is a good alternative. You can even run it if you have other anti-virus software, and want to see if your anti-virus software missed anything.
With tens of thousands of known viruses and more being unleashed daily, your best move is still to install an anti-virus program so your system can be monitored and protected continuously.
But don't rely on Netsky to clean up your system for you. It's not really the good worm it purports to be.
You didn't ask for it. It violates your privacy. And it takes over your system without your permission. That's hardly a solution.
First Published April 8, 2004, 12:00am