Netsky-V worm can infect computers without e-mail attachment being clicked

No need to double-click to be infected by Netsky-V the new Netsky-V worm (W32/Netsky-V) spreads without using email attachments to infect. Other widespread versions of the Netsky worm have infected users by tempting them to double-click on an email attachment, but Netsky-V exploits security loopholes in Microsoft's software that mean users can be hit just by reading an email. Emails containing the exploit, which can use subject lines such as 'Converting message. Please wait...' and 'Please wait while loading failed message...', attempt to download a copy of the worm from another user's computer. "Home users are especially vulnerable to this kind of attack as their computers are often not properly protected with a personal firewall or the latest anti-virus updates," said Graham Cluley, senior technology consultant for Sophos. "Personal computer users should consider checking out Microsoft's security update website, which can scan home PCs for security vulnerabilities and suggest which critical patches need to be installed."

Sophos recommends that computer users monitor announcements from operating system, application and web server software vendors for details of new vulnerabilities found in their code. Many viruses have exploited loopholes in commonly used web browsers and email software to increase their chances of spreading effectively. Loopholes are found in products on a weekly basis, some significant, some trivial. "IT managers should keep abreast of these loopholes and apply patches where appropriate before new viruses come along to exploit them," continued Cluley.