An email worm posing as a PIF file is spreading rapidly across the Net today.

The Netsky-D worm is clogging in-boxes already sagging under the collective load of five new variants of the Bagle worm and sundry other irritants.

Netsky-D normally arrives in email with a variety of subject names (including Re: Approved, Re: Details, Re: Document, Re: Your letter), message texts and a PIF attachment. As usual, the worm is a Windows-only menace.

Anti-virus software firm are split between rating Netsky-D as high risk (F-Secure, Kaspersky, Trend, Sophos), medium risk (Network Associates) and low risk (Symantec).

Email filtering firm MessageLabs blocked more than 54,000 copies today. Natasha Staley, a consultant with the company, said: "It's out there and spreading but it's nowhere on the big as MyDoom."

Tomorrow morning (March 2) between 06:0am and 8:59am the worm will try to activate PC speakers into making a constant beeping noise. It's unclear if this is simply more mischief or an attempt to push infected users into cleaning up their PCs.

Like its siblings, Netsky-D tries to make registry-key changes, including some that are de-activate any lurking copies of MyDoom-A and MyDoom-B viruses.

Advice from AV vendors follows a familiar pattern: block executables files at the gateway, don't open unsolicited email attachments, update AV signature files and wear a regulation tin-foil hat. ®

Related Stories

Netsky B is very pesky
MyDoom and Netsky cause chaos
Fistful of Bagles shoot up the Net