ITSD Computing and Communications Services News
April, 2005
 

Monthly Virus Update: More than 43,000 Worms Eradicated

Last month the LBNL virus wall once again prevented a large number (43,001) of virus and worm infections. The number in February was 55,224. For the 11th straight month, the virus wall found and eradicated the Netsky.P worm more than any other, with 29,549 instances found and deleted, a slight reduction from the 32,157 instances in February. Netsky.P, a Windows-targeting worm, mails copies of itself to addresses that it harvests from address books and other files on machines that it has infected. It uses interesting subject lines and messages to goad users into opening its attachments, thereby infecting their systems.

The Netsky.D worm was detected second most often with 3,580 instances identified and eradicated (compared to 3,573 last month). Netsky.D, which like the other members of the Netsky family targets Windows systems, sets up a mail engine that sends messages with subjects such as "Re: Thanks," "Re: Hi," "Re: Your website," "Re: Your Word file," and "Hello." Examples of message content include: "Here is your file," "Your file is attached," "Your document is attached," and "Please have a look at the attached file." The sender's address is spoofed--it is always an entry found in address books and other files in machines that this worm has infected. Attachments have a .pif extension. Netsky.D also changes Registry values and modifies files in systems that it infects.

The Netsky.Z worm cracked the "top three list" for the first time with 1,482 copies identified and deleted. This is another mass-mailing worm that targets Windows systems and falsifies sender addresses to trick recipients into opening the messages it sends, thereby infecting their systems. It arrives as a message with a variety of subject lines, message bodies, and attachment names. Subject lines include: "Hello," "Hi," "Important," "Important bill!," "Important data!," "Important details!," "Important document!," "Important informations!," "Important notice!," "Important textfile!," "Important!" and "Information." Attachments are .zip files with one of the following names: Bill.zip, Data.zip, Details.zip, Important.zip, Informations.zip, Notice.zip, Part-2.zip or Textfile.zip. Netsky.Z infects a system by copying itself into the system folder and then writing a Registry entry that makes the worm run every time the infected system starts. Netsky.Z also writes itself into infected systems several times, creating zip files in the process, and creates a mail engine that it uses to send infected attachments to addresses it finds in address books and other files. This worm also attempts to launch denial of service attacks against a few Web sites.

Among the most notable of recent newcomers on the virus and worm scene are three new variants of the Beagle worm. Some of these variants attempt to install Trojan horse programs that halt anti-virus software on systems they have infected and also attempt to reach certain web sites from which more malicious programs can be downloaded.

What can you do to prevent worm and virus infections? Download a free copy of anti-virus software for your Lab or personally-owned PC or Mac system. Update it daily, and avoid opening attachments that you are not expecting, even if they appear to be from someone you know.