We talk about making sure that you have your Windows updates done.
We talk about having a good virus protection program installed and up to
date on your system. We have discussed on many occasions the importance
of not opening any type of attachments that you receive by e-mail. This
month I would like to discuss some specific reasons why you should follow
this type of advice.
These last few months we have had a number of viruses that placed a
huge burden on all of our e-mail systems. W32.Netsky was one of these viruses.
As of the middle of April, the variants are up to version T. This would
mean that the original version was called W32.Netsky@MM and there was a
letter added after the name to denote the version such as W32.Netsky.T@MM.
The earlier versions were simply a mass mailing worm that would retrieve
e-mail addresses from documents that were found on the infected system,
spoof the from e-mail address, vary the subject and name of the attachment
and use its own SMTP engine to send itself out to the addresses that it
found. The main problem would be the time that your system would need to
spend sending the e-mails out. Other than the use of system resources,
there was no damage to the infected computer.
The later versions of the virus had payloads added. A file was added to
perform a DoS (Denial of Service) attack against various Web sites during
a specific time period. It would continue with all of the characteristics
of the previous versions but also added a file that would open a port on
the infected system to allow remote access to the system. This seemingly
would be to allow the hacker to send any type of executable file to the
infected system and be able to run the file. As well as sending the infected
files out to other unsuspecting e-mailers, an infected system would also
experience a degradation of performance during the times when the DoS attack
was being performed. No immediate damage is inflicted, but the possibility
exists, since the virus writer has access to the infected system and can
send and run any file he chooses. Another virus could be sent that could
do anything that the user sitting at the computer could do.
All of the versions of Netsky seem to be very mild compared to some
of the other viruses that are out there. Bugbear attempts to end a number
of processes, some of which are antivirus programs. It collects e-mail
addresses and personal information from files on the system and also uses
its own engine to send infected copies to these addresses. The fact that
it terminates processes that relate to antivirus programs could be a big
headache since that would now leave the infected system open to many other
chances of becoming infected. There is also the chance that your personal
information could be sent to the virus writer.
One of the most damaging viruses that I have seen would have to be the
many different versions of Klez. Its main purpose, beyond spreading itself,
was to disable many common antivirus products and infect executable files
on the system. These infected files would then be useless to the user except
that they would reinfect the system every time they were run. After a couple
of weeks of infection, the computer would become unusable and require
servicing. Usually these systems would need a reinstallation of the operating
system as well as any infected program files after the cleaning was finished.
While the damage that viruses inflict has decreased in the past few
months, the annoyance of the enormous quantity of e-mail is getting to
epidemic levels. Most of the increase in the amount of e-mails can be attributed
to the fact that the viruses and Trojans are not inflicting the kind of
damage that they used to and as such the infected systems continue to run
and send copies out without the user suspecting anything. Many of
the previous viruses would infect so many files that the system would have
to be serviced in a matter of weeks due to the number of errors and lockups
that would be experienced. Servicing the system would most likely find
the virus and its run would end at that point.
Many current versions are installing backdoor programs on the infected
systems and sending out copies to spread themselves, but for the most part,
there is very little damage that is done to the infected system. Without
a virus protection program in place, the viruses could run for many months
or even years undetected.
The hackers seem to have gotten smart. A dead system is of no use to
them to do their bidding. They have learned to open the door so they can
get back in and continue with the spreading. This way they can send a
file to an infected system, a new file that does some new stuff. This allows
them to have their new virus out in the wild in record time. All because
of the users that refuse to install antivirus software and set their system
up to install updates.
If the users will take the time to use the resources that are available,
we can put an end to this mess. Otherwise we are destined to continue on
the path that we are traveling which seems to be a never-ending road. Let’s
try to be responsible computer users and make an effort to bring someone
else along with us.