Netsky-Q Worm Preparing To Blast Websites Off The Net

The Netsky-Q worm (W32/Netsky-Q) is set to launch distributed denial of service attacks against a number of websites as infected computers pass midnight tonight. The worm – which according to Sophos’s lab is currently the 8th most prevalent worm in the wild – attempts to bring down file-sharing websites, such as the popular KaZaA site from 00:01 on 8 April 2004.

“The worm is using innocent infected computers around the world to try and launch its attack,” said Graham Cluley, senior technology consultant for Sophos. “Netsky-Q sits in the background watching the infected computer’s internal clock. Once it clicks over to 8 April the barrage begins, so it’s possible the websites may be affected as computers in Asia Pacific change their date first.”

The full list of websites targeted by W32/Netsky-Q is www.cracks.st, www.cracks.am, www.emule-project.net, www.kazaa.com, and www.edonkey2000.com.

“The Netsky-Q worm launches its strikes against the websites over the long Easter weekend. Home users should ensure their computers are properly protected with anti-virus updates and a personal firewall to ensure they are not contributing to the problem,” continued Cluley.

In a statement on www.emule-project.net, the eMule owners have advised users that the site will be unavailable “because of the upcoming DDoS Attack against our servers” and suggests visitors access a mirrored version of the site instead.

Earlier this year the MyDoom worm successfully knocked SCO’s website off the internet via a distributed denial of service attack. Other websites targeted for similar attacks in the past have included those belonging to Microsoft and the RIAA.

Further details about Netsky-Q can be found at: