February is proving to be a bumper month for Windows computer viruses.
This is proving a bad month for viruses
Just as people were clearing up after the MyDoom virus, mutant versions of that malicious program appeared that prolonged the trouble it caused.
Security firms are now warning about a fresh batch of viruses all of which are bent on causing havoc for PC users.
Top of the current list of threats is Netsky.C, followed by the destructive MyDoom.F worm and the Bizex worm that travels via the ICQ instant messenger.
Thanks to the MyDoom.A virus February 2004 looks like being one of the worst months ever for the numbers of malicious programs circulating on e-mail.
MyDoom.A has become the most active virus ever according to MessageLabs which has caught more than 54m copies of it since it first appeared on 25 January.
MyDoom.A shut down on 12 February thanks to a built-in timer but MessageLabs has still been catching other viruses in large numbers this month.
SAMPLE NETSKY.C SUBJECT LINES
Re: does it?
read it immediatelly
As well as MyDoom.A, virus firms have issued warnings this month about variants of this virus called Doomjuice and Deadhat.
There have also been alerts about the Bagle.B virus and now users are being asked to look out for Netsky.C, MyDoom.F and Bizex.
Netsky.C is the fastest spreading of this trio and it moves around via e-mail as well as network drives.
Like many other Windows e-mail viruses, the program tries to trick people into opening it and then, when set off, plunders the contacts file in Outlook and mails itself to every address it finds.
It also tries to spread via file-sharing networks such as KaZaa, Bearshare and Limewire if they are installed on a machine it manages to infect.
It tries to make itself hard to spot by choosing its subject line from a long list included in the virus.
Sample subject lines include "Delivery Failed", "fake?", "Re: information", "Re: Re: Re: Re:" and many others.
SAMPLE NETSKY.C MESSAGES
I 've found your bill!
You are infected. Read the details!
is the pic a fake?
Antispam is turned off. See file!
do not open the attachment!
is that your beast?
you look like an ape!
something is not ok
The message body is equally varied. Samples include "", "here is the document.", "*lol*", "are you a teacherin the picture?" and lots more.
The attachment containing the virus poses as pornography, cracks for Microsoft programs and the Sims and even virus source code.
Commonly the attachment is disguised as a .zip file.
Between the hours of 6 and 9am local time on 26 February machines will betray the fact that they are infected by beeping regularly.
The worm can be caught by machines running Windows 95, 98, ME, NT, 2000 and XP.
The B variant of Netsky has been catching out a lot of people too.
Other viruses that people need to be on the lookout for include MyDoom.F and Bizex.
The F variant of MyDoom is a nasty version of the original that deletes files rather than just uses machines to help itself spread.
Like other MyDoom variants this version travels via e-mail and tries to trick people into opening it.
Users of the popular ICQ instant message program are being told to look out for the Bizex worm.
This malicious program spreads through the messaging system and plunders ICQ address books for new places to travel to.