NetSky-Q launches attacks on KaZaA, eDonkey and eMule

By
Seán Byrne
-

When the first variants of the NetSky virus were released, the main aim
of the virus was to remove the Blaster virus (if present) and several other
viruses as well as rely on E-mail to distribute itself.  However when the NetSky creators
released variant 'Q' of its virus back on March 29th, they decided to set-up
their own Denial-Of-Service attack, but this time on file sharing networks and
warez sites rather than Microsoft, SCO and so on as what the Blaster variants
have done.


 


It appears that the NetSky creators are actually fighting against illegal
warez sites and file sharing provider websites despite causing inconvenience to
users by flooding their E-mail accounts with infected E-mail and hogging their
bandwidth to spread the virus as well as perform the DoS attacks.  The sites affected by NetSky.Q are main
websites of Kazaa, eDonkey and E-Mule as well as several popular websites
offering cracks and software key generators.  The attacks will take place between the
8th and 11th of April based on the system clock.  A rarer worm NetSky-T will also perform
attacks on similar sites but between April 14th and April 23rd. 


 


Targeted websites are preparing against the attacks with some such as the
eMule project warning users about these attacks and to visit an alternative
mirror.  The backup mirror for
E-mule is www.emule-project.org.  Users are warned to not open E-mail
attachments they did not expect and ensure their system is patched against the
Microsoft iFrame vulnerability.


Zombie
PCs infected with the NetSky-Q worm are set to launch distributed denial
of service attacks against P2P and warez sites tonight.


The worm will attempt
to flood the main Web sites of KaZaA and eDonkey with spurious traffic
between 00:01 8 April and 11 April (time taken from system clocks). Other
sites including cracks.st, cracks.am and www.emule-project.net are also
targeted for attack. File-sharing networks themselves won't be affected by
the worm, only access to Web sites.


NetSky-Q, which first
appeared on March 29, includes a message from the virus authors embedded
within its code. The previously unknown "SkyNet Antivirus Team" from
Russia claim they are educating users, and want to prevent hacking and
sharing of illegal content.


Between April 14 and April 23
a much rarer worm - NetSky-T - will launch a fresh wave of attacks against
a similar set of sites: cracks.am, emule.de, kazaa.com, freemule.net and
keygen.us. A few copies only have this low-risk virus have escaped onto
the Net, so the consequence are likely to be limited.


Read the
full article here.


 


While
we heard of the music and movie industries interested
in developing viruses to attack file sharing networks, it is quite odd to see virus developers quite happy to
help the music industry as well as software manufacturers.  While this virus does not attack the
file sharing networks them selves, it appears that the aim is to prevent new
users from joining by blocking the websites that offer the software.  I am sure the RIAA and MPAA are quite
happy to see how this virus performs.

Source: The Register

RELATED ARTICLESMORE FROM AUTHOR

No posts to display