New Virus Is a Kick in the Head for Admins
There was a new virus out yesterday, and it's nothing that scary - just another NetSky variant. Everyone's virus server is handling it just fine, spitting out emails to users saying things like "You had a virus in your inbox, but I've quarantined it."
Unfortunately, all users (and pointy haired bosses) ever read is AHHH VIRUS, MUST CALL EYE TEE! STAT!
Of particular note about NetSky-D is that it appears to have a new mail forging algorithm. Instead of just faking the From address, it attempts to fake it specifically from someone you know. This little nasty harvests addresses from both address books and any file on your C: through Z: drives.
The reason this sucks so much is that ALL of the email addresses at Common Ground appear to have been harvested, possibly from infections on certain home users' PCs. The code in NetSky-D seems to recognize that it has multiple addresses in the same domain and uses them together to make the mail look like internal mail. This isn't helped by the fact that Exchange translates email addresses, forged or not, to the complete name of the sender when they match.
Although these messages are being caught by the virus scanner, they look like legit mail that was inappropriately blocked. For example, I get errors saying that a message from John Doe to Tom Cruise was blocked due to an unscannable message body. In reality, a forged mail to tcruise@cg.org had jdoe@cg.org in the From, confusing the hell out of my server.
What a mess.
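One check an admin could bolt onto the quarantine notice, as an added example that is not part of the original post: mail that claims a cg.org sender but whose Received: trail shows it entered from outside the network is flagged as a forged internal sender instead of being reported as blocked mail from a colleague. The internal address range, host names and sample headers are constructed for illustration; the cg.org domain and the jdoe/tcruise addresses are the ones from the post.

```python
# Added example, not from the original post. Flags inbound mail whose From:
# claims our own domain (cg.org, as in the post) but whose delivery path
# shows it entered from outside our network, the signature of NetSky-D's
# forged "internal" mail. The internal address range is a constructed assumption.
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "cg.org"
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed LAN range

# Source address the receiving MTA records in a Received: header, e.g. "[203.0.113.5]".
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def is_internal_ip(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def looks_forged_internal(raw: str) -> bool:
    """True when From: is an INTERNAL_DOMAIN address but some hop came from outside."""
    msg = message_from_string(raw)
    _, sender = parseaddr(msg.get("From", ""))
    if sender.rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN:
        return False  # external sender: the From: is not pretending to be a colleague
    for hop in msg.get_all("Received", []):
        m = RECEIVED_IP.search(hop)
        if m and not is_internal_ip(m.group(1)):
            return True  # our domain in From:, yet the mail arrived from the Internet
    return False

# Constructed samples. 203.0.113.x are documentation addresses standing in for outside hosts.
FORGED = (
    "Received: from pc-home [203.0.113.5] by mx.cg.org; Tue, 2 Mar 2004 09:00:00 -0500\n"
    "From: John Doe <jdoe@cg.org>\nTo: tcruise@cg.org\nSubject: Re: Document\n\nbody\n"
)
LEGIT_INTERNAL = (
    "Received: from wks17 [10.1.2.3] by exch01.cg.org; Tue, 2 Mar 2004 09:00:00 -0500\n"
    "From: John Doe <jdoe@cg.org>\nTo: tcruise@cg.org\nSubject: Lunch\n\nbody\n"
)
EXTERNAL_SENDER = (
    "Received: from mail.example.net [203.0.113.9] by mx.cg.org; Tue, 2 Mar 2004 09:00:00 -0500\n"
    "From: vendor@example.net\nTo: tcruise@cg.org\nSubject: Invoice\n\nbody\n"
)

if __name__ == "__main__":
    for name, sample in [("forged", FORGED), ("legit", LEGIT_INTERNAL), ("external", EXTERNAL_SENDER)]:
        print(name, "-> flag as forged internal sender" if looks_forged_internal(sample) else "-> ok")
```

Mail from a genuine user relaying through an outside ISP would also trip this check, so it belongs on the notification text rather than on the block/allow decision.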