- Recommended Reactions
Recommended reactions for all W32/Netsky@mm variants
After updating the virus signature files, users should scan their whole system with the F-Prot Antivirus OnDemand scanner to ensure that their computer security was not compromised before the virus signature files were updated.
For technical information and disinfection instructions please visit our virus information section.
More Netsky variants spread
W32/Netsky.D@mm; yet another variant of the Netsky mass mailer family, was discovered early on 1 March 2004. This worm is similar to other members of the Netsky family in that it attempts to deactivate the W32/Mydoom.A@mm and W32/Mydoom.B@mm viruses, while lacking some other features of earlier variants.
W32/Netsky.D@mm spreads via e-mails sent using its own SMTP engine and to addresses harvested from infected computers' hard drives. It does not, however, copy itself to shared folders and no error message is displayed when the worm is first run. On the other hand, this variant includes the same list of file extensions of folders in which to look for e-mail addresses and, like W32/Netsky.C@mm, avoids sending itself to e-mail addresses belonging to Microsoft as well as FRISK Software and other major antivirus companies.
W32/Netsky.C@mm was first discovered on 24 February 2004 and is the second variant of the original W32/Netsky@mm mass mailing worm. Two minor variants of W32/Netsky.C@mm were subsequently discovered on 25 February 2004. At present this worm is deemed to be medium risk. The worm has spread fastest in the Unites States but has been gaining momentum in other parts of the world.
As its predecessors, W32/Netsky.C@mm spreads itself via e-mail using its own SMTP engine while also copying itself to network fileshares allowing the worm to spread via both local as well as P2P (peer-to-peer) networks. When spreading via e-mail the worm's executable is contained in the attachment, sometimes in a ZIP archive. Note that unlike its predecessor, Netsky.C does not display an error box when first run.
On infection Netsky.C harvests e-mail addresses from the infected computer's hard-drive by searching through files with specific extentions before spreading itself further by sending e-mails containing the worm to these addresses. It is interesting to note that the the worm avoids sending e-mails to addresses at FRISK Software as well as other major antivirus companies.
The latest versions of F-Prot Antivirus detect all variants of W32/Netsky.C@mm using virus signature files dated 26 February 2004 or later.
A new variant of the recent W32/Netsky@mm worm emerges
W32/Netsky.B@mm was first discovered on 18 February 2004 and is a new variant of the recent W32/Netsky@mm mass mailing worm. Because of the relatively quick pace at which this worm is spreading, it has been deemed medium risk by FRISK Software's virus analysts.
W32/Netsky.B@mm spreads via e-mails and is contained in executable attachments under various names (details). The attachments can also be zip-archives. On infection the worm harvests e-mail addresses from the infected computer's hard drive by searching files with particular extentions.
This worm also attempts to improve its spreading by scanning all local drives and copying itself to every directory called "Share" and "Sharing".
The latest versions of F-Prot Antivirus detect W32/Netsky.B@mm using virus signature files dated 18 February 2004 or later.