
Beware of a new worm that goes by W32.Netsky.B!

Question

W32.Netsky.B mass-mailing worm that is hitting hard across the web (2/20/2004).

Answer

This question was answered on February 19, 2004. Much of the information contained herein may have changed since posting.

W32.Netsky.B is a level 4 mass-mailing worm that is working its way across the Net. The worm uses its own SMTP engine to send itself to email addresses it finds when scanning the hard drives and mapped drives. This tricky worm searches drives C through Z for any folder names that contain the word "Share" or "Sharing" so it may then copy itself to them.

The email message has the following characteristics:

From: (It is spoofed)

DO NOT BLAME THE SENDER, AS THEY ARE AN INNOCENT PARTY TO THE WORM!

Subject: (One of the following)

hi

hello

read it immediately

something for you

warning

information

stolen

fake

unknown

Message: (One of the following)

anything ok?

what does it mean?

ok

i'm waiting

read the details.

here is the document.

read it immediately!

my hero

here

is that true?

is that your name?

is that your account?

i wait for a reply!

is that from you?

you are a bad writer

I have your password!

something about you!

kill the writer of this document!

i hope it is not true!

your name is wrong

i found this document about you

yes, really?

that is bad

here it is

see you

greetings

stuff about you?

something is going wrong!

information about you

about me

from the chatter

here, the serials

here, the introduction

here, the cheats

that's funny

do you?

reply

take it easy

why?

thats wrong

misc

you earn money

you feel the same

you try to steal

you are bad

something is going wrong

something is fool

Attachment:

W32.Netsky.B@mm will create a .zip file as the attachment 51.5% of the time, which randomly chooses one of the Attachment Names below. The archive contains an executable copy of the worm, which also randomly chooses one of the Attachment Names below.

The rest of the time the worm will use a copy of itself as the attachment, and randomly choose one of the Attachment Names below.

Attachment Name: (One of the following)

document

msg

doc

talk

message

creditcard

details

attachment

me

stuff

posting

textfile

concert

information

note

bill

swimmingpool

product

topseller

ps

shower

aboutyou

nomoney

found

story

mails

website

friend

jokes

location

final

release

dinner

ranking

object

mail2

part2

disco

party

misc

Extensions:

If the attachment is an executable file, the worm will create a double extension 53.8% of the time. If the attachment is a .zip file, then the executable within the .zip will have a double extension 33% of the time. The first, variable extension in these cases will be one of the following:

.txt

.rtf

.doc

.htm

All executables will end with one of the following extensions:

.exe

.scr

.com

.pif

This worm is designed to attack Windows 2k, 95, 98, Me, and XP but does not affect Linux, Macintosh, UNIX, and Windows 3.x based systems.

Get complete instructions on protection and removal from Symantec at:

http://www.sarc.com/avcenter/venc/data/w32.netsky.b@mm.html

Note: W32.Netsky.B@mm may spread through file-sharing networks, Instant Messaging clients, or Windows shared folders.

Author

Posted by Michal of Data Doctors on February 19, 2004
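
The attachment-naming scheme described in the answer above, written as a mail-gateway triage check. This is an added example, not part of the original post or of Symantec's write-up; the function names and the in-memory zip sample are assumptions made for illustration, while the name and extension lists are copied from the page.

```python
import io
import zipfile

# Indicator lists copied from the advisory text above.
NAMES = set("""document msg doc talk message creditcard details attachment me
stuff posting textfile concert information note bill swimmingpool product
topseller ps shower aboutyou nomoney found story mails website friend jokes
location final release dinner ranking object mail2 part2 disco party misc""".split())
DECOY_EXTS = {"txt", "rtf", "doc", "htm"}   # optional first extension
EXEC_EXTS = {"exe", "scr", "com", "pif"}    # final extension of every executable

def is_worm_style_executable(filename):
    """True for <name>.<exec> or <name>.<decoy>.<exec> built from the lists."""
    parts = filename.strip().lower().split(".")
    if len(parts) not in (2, 3) or parts[0] not in NAMES:
        return False
    if len(parts) == 3 and parts[1] not in DECOY_EXTS:
        return False
    return parts[-1] in EXEC_EXTS

def classify_attachment(filename, payload=b""):
    """Return 'executable', 'zip' or None for one mail attachment."""
    lower = filename.strip().lower()
    if is_worm_style_executable(lower):
        return "executable"
    stem, _, ext = lower.rpartition(".")
    if ext != "zip" or stem not in NAMES:
        return None
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as archive:
            members = archive.namelist()   # reads names only, extracts nothing
    except zipfile.BadZipFile:
        return None                        # not a readable archive
    inner = (m.rsplit("/", 1)[-1] for m in members)
    return "zip" if any(is_worm_style_executable(m) for m in inner) else None

def constructed_zip(member_name):
    """Build a harmless in-memory zip (constructed sample, not worm data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for name, data in [("details.txt.pif", b""), ("report.exe", b""),
                       ("bill.zip", constructed_zip("bill.doc.scr")),
                       ("bill.zip", constructed_zip("bill.txt"))]:
        print(name, "->", classify_attachment(name, data))
```

A match is a name-based triage signal only; several of the listed names are common words, so a hit should route the message to quarantine and antivirus scanning rather than be treated as confirmation.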
