W32/Netsky.Q@mm - Yet another variant gains momentum.

29 March 2004

W32/Netsky.Q@mm emerged early morning on 29 March 2004 and and has been gaining momentum throughout the day. Due to the rate at which this new variant of the Netsky family has been spreading, it has been deemed medium risk by FRISK Software's virus analysts.

The Netsky family of mass mailing worms has today dominated the list of threats stopped by the F-Prot AVES managed e-mail security service with the top five being Netsky variants.

One of the main reasons W32/Netsky.Q@mm has gained such a large distribution in a relatively short period of time is its use of social engineering to convince recipients to open attachments containing the worm's executable. Users are therefore reminded not to open unknown attachments and to follow FRISK Software's Guidelines for Safe Computing.

Threat Description

On infection W/32Netsky.Q@mm harvests e-mail addresses from the infected computer's hard-drive before using its own SMTP engine to spread itself further by sending itself to these harvested addresses. E-mails carrying the worm have a falsified From: address and a number of different Subject lines and messages. The worm's executable arrives in attachments with one of the following extensions: .exe, .zip, .pif, and .scr

Recommended Reactions

Users are advised to update their virus signature files and make sure they have the latest versions of F-Prot Antivirus installed on their computers.

After updating the virus signature files, users should scan their whole system with the F-Prot Antivirus OnDemand scanner to ensure that their system's security was not compromised before the virus signature files were updated.

For technical information and disinfection instructions please visit our virus information section.

Threat Detection

The latest versions of F-Prot Antivirus detect W32/Netsky.Q@mm using virus signature files dated 29 March 2004 or later.

Commtouch® is a leading developer of anti virus software and anti spam filtering services. Commtouch's anti virus computer software, F-PROT Antivirus, is available for a number of operating systems such as Windows, Linux, BSD, Solaris, and AIX as well as the Microsoft Exchange groupware.

1993-2013 © CYREN