Like, the W32/Netskyag@MM offshoot uses an e-mail to gain entry and install itself into several files via the Windows directory. Once installed, it harvests e-mail addresses from the infected machine and sends out copies of itself in messages that look like they're from people on the e-mail database in the infected computer.
The virus differs from earlier versions in that it uses different compression technologies when sending itself out, a representative for security software maker McAfee said Thursday. This makes it more difficult to detect.
The subject line on the infected e-mails varies, with about 30 different ones identified so far. Most seem to be in Portuguese or a version of the language. Subject lines include "algo a mais" and "tudo sobre voce sabe." The message in the e-mail and the attachment use the same dialect and also vary.
A number of infections are coming from Brazil, McAfee said.
The security company has released a workaround for the virus. More information can be found at McAfee's Web site.
The Netsky virus has been one of the most prolific security threats of 2004, infecting millions of computers and spawning more than 25 variants. The virus has also been used to seed computers to with denial-of-service attacks. The suspected author of Netsky and the Sasser virus,, was arrested earlier this year and currently awaits trial.
The Portuguese Netsky variant was discovered Oct. 13. McAfee's Avert lab, which studies incoming viruses, raised the risk profile to "medium" Thursday.