New worm eats into PCs in guise of security patch

May 05, 2004 12:16

Worries over the Sasser worm took a turn for the worse when it emerged that a freeware fix meant to cure it is also an insidious worm.

Security experts warned users not to download Netsky-AC, which masquerades as a 'cure' for Sasser and its variants.

Khazi Mohamed Akram of RAS Infotech Ltd, a Dubai-based computer security company, said: "With the spread of the Sasser worm hugging the headlines, we're concerned that some users may fall for Netsky-AC's trick and it may launch its damaging payload."

The Netsky-AC worm, also known as W32/Netsky-AC, pretends to be a warning from an anti-virus company and spreads through email. It alerts a user to an invasion by the Sasser (A,B,C,D), NetSky.AB, Bagle.AB, Mydoom.F and MSBlast.B worms.

Akram of RAS Infotech, which distributes Sophos anti-virus in the Middle East, said: "I've seen the signature of Netsky-AC. Its author is playing on users' fear of computer attack. The worst thing you can do is fall for this trick by clicking on the attached file.

"The best thing users can do is to update their Microsoft operating system with a patch." Sasser has infected millions of computers around the world, including attacks on systems at airports, banks and train stations.

Fixing Sasser-infected computers is a tedious task because, unlike some types of security updates that can be applied across an entire network, most of the worm-affected computers must be corrected unit by unit.

Some IT administrators are also nervous about installing system-wide patches, fearing they might cause other problems on the network.

A technical support desk employee from Microsoft told Gulf News that they had no immediate information about Netsky-AC or details of its exact nature.

Virus researchers at Sophos, a computer security company, have warned users not to fall for the tricky Netsky worm.

Hidden inside the code of Netsky-AC is a message directed towards anti-virus companies which suggests that the author of Netsky also wrote the Sasser worm.

It says: "Hey, av firms, do you know that we have programmed the sasser virus?!?. Yeah that's true! Why have you named it sasser? A Tip: Compare the FTP-Server code with the one from Skynet.V!!! LooL! We are the Skynet..."

Akram, who has spent 10 years in the computer security business, said: "It's hard to be 100 per cent sure at this stage if the same people are behind both viruses."

Derrick Lewis of computer security firm Avalon System, based in Dubai Media City, said: "Everybody should practice safe computing and learn the steps to protect themselves properly against Sasser and its variants."

The recent worm attacks, he said, highlighted the need for corporate users to subscribe to online automated anti-virus protection.

Last month, more than 800 viruses and worms were recorded. Most of them have been neutralised. There are nearly 90,000 known computer viruses and worms.

The FBI is reportedly now on the prowl for Sasser's author. It's believed that many virus writers come from universities, some of which offer subjects on how to write viruses.