TechWeb

Netsky.x Lays Out Web Sites

Apr 28, 2004 (12:04 PM EDT)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=19202237


The Netsky.x worm, which hit the Internet more than a week ago and targeted a trio of educational Web sites for denial-of-service attacks, has laid low two of the three in the first day of its scheduled three-day assault.

Version X of the persistent Netsky worm was the first to put a denial-of-service bull's-eye on nibis.de, medinfo.ufl.edu, and educa.ch, educational sites from Germany, the United States, and Switzerland, respectively. Earlier Netsky worms took on peer-to-peer file-sharing sites, such as kazaa.com.

The attacks, which began Wednesday by Netsky.x-infected computers, and are to run through Friday, effectively shut down the German and U.S. sites, according to Ken Godskind, VP of monitoring firm AlertSite.

"While the Swiss education server appears to be maintaining availability--for now--the other two sites are unavailable to all or most users," Godskind said Wednesday morning in an E-mailed statement.

The Swiss site was holding up well under the attack, with availability at 80% to 90%, said Godskind, while the German site was available to only about 20% of those requesting it between 7 a.m. and 9 a.m. EDT. The American site, a server run by the University of Florida's College of Medicine, was offline completely. By noon EDT, all three sites were up, although access remained spotty on both the German and American site.

Other variants released after Netsky.x, including Netsky.y and Netsky.z, also targeted the three sites for denial-of-service attacks that could run as long as May 5.

However, the two most recent Netskys, however, dubbed Netsky.aa and Netsky.ab, which appeared Monday and Wednesday, respectively, don't take aim at the educational sites. Instead, Netsky.ab tries to delete the entries of several variations of its rival, Bagle, from the Windows Registry.