Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

New Netsky Worm Poses as a Cure for Sasser, Reports Sophos

  • 04 May, 2004 13:21

<p>Sophos warns users not to fall for confidence trick, as Netsky author claims he is the creator of the Sasser worm</p>
Sydney, 04 May 2004</p>
<p>Virus researchers at Sophos have warned users that a new in-the-wild worm, Netsky-AC (W32/Nestky-AC), is posing as a cure for the fast-spreading Sasser worm.</p>
<p>A file which claims to come from an anti-virus company and to be a fix for the Sasser worm, is attached to emails generated by Netsky-AC.</p>
<p>With the Sasser worm spreading quickly around the world, infecting internet users and generating headlines in the media, Sophos is concerned that some users may fall for Netsky-AC's trick and launch its damaging payload.</p>
<p>"In a malicious piece of what is described as social engineering, the latest Netsky worm arrives as an email pretending to be a warning from a security company. It advises that the computer has been infected with the highly publicised Sasser or other viruses," said Rob Forsyth, Managing Director of Sophos Australia and New Zealand.</p>
<p>"Through recent publicity, most users are now aware that there is danger in clicking on any attached file. If the attachment is run, the worm can forward itself to addresses found on the victim's computer, spreading the virus even further."</p>
<p>As well as claiming to be a warning about Sasser, the worm can also refer to the viruses 'NetSky.AB', 'Bagle.AB', 'Mydoom.F', and 'MSBlast.B'.</p>
<p>Hidden inside the code of Netsky-AC is the following text, directed towards anti-virus companies and suggesting that the Netsky author also wrote the Sasser worm:</p>
<p>‘Hey, av firms, do you know that we have programmed the sasser virus?!?. Yeah thats true! Why do you have named it sasser? A Tip: Compare the FTP-Server code with the one from Skynet.V!!! LooL! We are the Skynet... ‘</p>
<p>Sophos recommends all computer users practise safe computing and ensure their computers are properly updated and protected from viruses and worms."</p>
<p>More information about the W32/Netsky-AC and Sasser worms can be found at:</p>
<p>Free Removal Tool:
Sophos has released a free removal tool which disinfects computers infected by the fast-spreading Sasser internet worm (W32/Sasser-A and W32/Sasser-B).</p>
<p>To download the free removal tool or find out more information about the Microsoft security vulnerability it exploits, visit:</p>
<p>Further information from Microsoft about the Sasser worm and the security vulnerability can be found at:</p>
<p>Home users who do not know if their computers are running the latest Microsoft security patches should visit the Microsoft WindowsUpdate website:</p>
<p>Notes for Editors</p>
<p>About Sophos.
Sophos is a world leading specialist developer of anti-virus and anti-spam software. Sophos is headquartered in the UK and protects all types of organisations, including small- to medium-sized businesses, large corporations, banks, governments and educational institutions against viruses and spam. The company is acclaimed for delivering the highest level of customer satisfaction and protection in the industry. Sophos's products, backed by 24 hour support are sold and supported in more than 150 countries.</p>
<p>Sophos's regional head office for Australia and New Zealand is in Sydney and hosts one of the company's three Computer Virus Research and Development Laboratories to provide global support services.</p>
Rob Forsyth ( is available for comment:
+61 417 234 176 (mobile)
+61 2 9409 9100 (tel)
+61 2 9409 9191 (fax)</p>
<p>Sophos's press contact at Gotley Nix Evans is:
Michael Henderson (
+61 2 9957 5555 (tel)
+61 413 054 738 (mobile)
+61 2 9957 5575 (fax)</p>

Most Popular