W32/Netsky.Q@mm - Yet another variant gains momentum.
W32/Netsky.Q@mm emerged early morning on 29 March 2004 and and has been gaining momentum throughout the day. Due to the rate at which this new variant of the Netsky family has been spreading, it has been deemed medium risk by FRISK Software's virus analysts.
The Netsky family of mass mailing worms has today dominated the list of threats stopped by the F-Prot AVES managed e-mail security service with the top five being Netsky variants.
One of the main reasons W32/Netsky.Q@mm has gained such a large distribution in a relatively short
period of time is its use of social engineering to convince recipients to open attachments containing the worm's
executable. Users are therefore reminded not to open
unknown attachments and to follow
FRISK Software's Guidelines for Safe Computing.
On infection W/32Netsky.Q@mm harvests e-mail addresses from the infected computer's hard-drive
before using its own SMTP engine to spread itself further by sending itself to these harvested addresses.
E-mails carrying the worm have a falsified From: address and a number of different Subject lines and
messages. The worm's executable arrives in attachments with one of the following extensions:
.exe, .zip, .pif, and .scr
Users are advised to update
their virus signature files and make sure they have the
latest versions of
F-Prot Antivirus installed on their computers.
After updating the virus signature files, users should scan their
whole system with the F-Prot Antivirus OnDemand scanner to ensure
that their system's security was not compromised before the virus
signature files were updated.
For technical information and disinfection instructions please visit our
virus information section.
The latest versions of
F-Prot Antivirus detect W32/Netsky.Q@mm using virus signature files
dated 29 March 2004 or later.
Threat Description
Recommended Reactions
Threat Detection