Antivirus software companies have warned that a new version of the NetSky e-mail worm is circulating on the internet, only a day after the appearance of a variant of the Beagle or "Bagle" worm prompted similar warnings.
NetSky.B, also known as Moodown.B, first appeared yesterday and is spreading through infected e-mail messages and shared network folders. Once installed, NetSky tries to disable antivirus software, steal e-mail addresses and copy itself to shared network folders.
NetSky.A appeared on Monday. Both variants arrive in e-mail messages that have randomly generated subject lines such as "something for you", "hello" or "fake". The worm file is contained in a zipped attachment that also has a randomly generated name and file type such as "document", "stuff" or "party". File attachments with an .exe, .scr or .pif extension are also common, said antivirus company TruSecure.
Network Associates is receiving between 40 and 50 copies of the worm each hour, both from customers and worm-generated e-mail, according to a company spokeswoman.
Most copies of the worm appear to be coming from the Netherlands and elsewhere in Europe.
Antivirus companies released updated virus definition files to spot the latest version of NetSky and advised customers to update their antivirus software as soon as possible.
The new worm outbreak follows a similar infestation on Tuesday, when another version of the Beagle (or "Bagle") worm surfaced and began spreading rapidly.
The sudden appearance of virus-laden e-mail messages may be evidence of a virus spreading, or of a massive "seeding" of a new virus using spam e-mail messages, antivirus experts said.
A similar seeding was behind the sudden appearance of NetSky.A on Monday, said antivirus company F-Secure.
Paul Roberts writes for IDG News Service