
Updated: 3 February 2004

Recommended reactions for all W32/Netsky@mm variants

Users are advised to update their virus signature files and make sure they have the latest versions of F-Prot Antivirus installed on their computers.

After updating the virus signature files, users should scan their whole system with the F-Prot Antivirus OnDemand scanner to ensure that their computer security was not compromised before the virus signature files were updated.

For technical information and disinfection instructions please visit our virus information section.


More Netsky variants spread

1 March 2004

W32/Netsky.D@mm

W32/Netsky.D@mm, yet another variant of the Netsky mass mailer family, was discovered early on 1 March 2004. This worm is similar to other members of the Netsky family in that it attempts to deactivate the W32/Mydoom.A@mm and W32/Mydoom.B@mm viruses, while lacking some other features of earlier variants.

Threat Description

W32/Netsky.D@mm spreads via e-mails sent with its own SMTP engine to addresses harvested from infected computers' hard drives. It does not, however, copy itself to shared folders, and no error message is displayed when the worm is first run. On the other hand, this variant includes the same list of file extensions in which to look for e-mail addresses and, like W32/Netsky.C@mm, avoids sending itself to e-mail addresses belonging to Microsoft as well as FRISK Software and other major antivirus companies.

Threat Detection

The latest versions of F-Prot Antivirus detect all variants of W32/Netsky.D@mm using virus signature files dated 1 March 2004 or later.


New Netsky variant spreads fast

26 February 2004

W32/Netsky.C@mm

W32/Netsky.C@mm was first discovered on 24 February 2004 and is the second variant of the original W32/Netsky@mm mass mailing worm. Two minor variants of W32/Netsky.C@mm were subsequently discovered on 25 February 2004. At present this worm is deemed to be medium risk. The worm has spread fastest in the United States but has been gaining momentum in other parts of the world.

Threat Description

Like its predecessors, W32/Netsky.C@mm spreads via e-mail using its own SMTP engine while also copying itself to network file shares, allowing the worm to spread via both local and P2P (peer-to-peer) networks. When spreading via e-mail, the worm's executable is contained in the attachment, sometimes in a ZIP archive. Note that unlike its predecessor, Netsky.C does not display an error box when first run.

On infection, Netsky.C harvests e-mail addresses from the infected computer's hard drive by searching through files with specific extensions, then spreads itself further by sending e-mails containing the worm to these addresses. It is interesting to note that the worm avoids sending e-mails to addresses at FRISK Software as well as other major antivirus companies.

Threat Detection

The latest versions of F-Prot Antivirus detect all variants of W32/Netsky.C@mm using virus signature files dated 26 February 2004 or later.


A new variant of the recent W32/Netsky@mm worm emerges

18 February 2004

W32/Netsky.B@mm

W32/Netsky.B@mm was first discovered on 18 February 2004 and is a new variant of the recent W32/Netsky@mm mass mailing worm. Because of the relatively quick pace at which this worm is spreading, it has been deemed medium risk by FRISK Software's virus analysts.

Threat Description

W32/Netsky.B@mm spreads via e-mails and is contained in executable attachments under various names. The attachments can also be ZIP archives. On infection, the worm harvests e-mail addresses from the infected computer's hard drive by searching files with particular extensions.

This worm also attempts to improve its spreading by scanning all local drives and copying itself to every directory called "Share" or "Sharing".
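A triage sweep for the directory-copy behaviour described above, as an added example that is not FRISK Software's code: it lists executable files found in directories named "Share" or "Sharing" so they can be reviewed and scanned. The function names, the case-insensitive name match, the "MZ" header check and the sample tree are assumptions made for illustration; a hit is a file to review, not a detection of Netsky.

```python
import os
import tempfile
from pathlib import Path

# Names come from the advisory; case-insensitive matching is an assumption.
SHARE_DIR_NAMES = {"share", "sharing"}


def is_pe_file(path):
    """True if the file starts with the DOS/PE 'MZ' magic bytes."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False  # unreadable or locked file: skip, keep sweeping


def find_executables_in_share_dirs(root):
    """Sorted paths of PE files directly inside a Share/Sharing directory."""
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        if os.path.basename(dirpath).lower() not in SHARE_DIR_NAMES:
            continue
        for name in filenames:
            full = os.path.join(dirpath, name)
            if is_pe_file(full):
                hits.append(full)
    return sorted(hits)


def build_demo_tree(base):
    """Constructed sample tree with harmless stub files (not malware)."""
    base = Path(base)
    stubs = {
        "Users/a/Sharing/sample_a.exe": b"MZ\x90\x00stub",
        "Users/a/Sharing/notes.txt": b"plain text",
        "Apps/p2p/share/sample_b.scr": b"MZ\x00\x00stub",
        "Docs/setup.exe": b"MZ\x00\x00stub",  # not in a share directory
    }
    for rel, data in stubs.items():
        (base / rel).parent.mkdir(parents=True, exist_ok=True)
        (base / rel).write_bytes(data)
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_executables_in_share_dirs(build_demo_tree(tmp)):
            print("review:", hit)
```

Checking the file header rather than the extension means a renamed executable is still listed; on a real system, point `find_executables_in_share_dirs` at each local drive root.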

Threat Detection

The latest versions of F-Prot Antivirus detect W32/Netsky.B@mm using virus signature files dated 18 February 2004 or later.
