Main Menu
Home
Bookmark
Contact Us

Categories
  Adware
  Adware Bundler
  AOL Exploit
  Backdoor
  Browser Hijacker
  Browser Plug-in
  Commercial Key Logger
  Commercial Remote Control
  Cookie
  Dialer
  E-Mail Flooder
  Hostile ActiveX Control
  ICQ Exploit
  Joke Program
  Key Logger
  Loader
  Low Risk Adware
  Misc
  Nuker
  P2P
  Password Hijacker
  Potential Privacy Risk
  Potentially Dangerous Tools
  RAT
  Search Hijacker
  Security Disabler
  Spyware
  Stealth Notifier
  Surveillance
  Toolbar
  Trojan
  Trojan Downloader
  Trojan FTP
  Trojan Telnet
  Viruses
  Worm
 


 
I-Worm.Netsky. Viruses Information

Name: I-Worm.Netsky.
Category: Viruses
Description: Details
I-Worm.Netsky.m

This worm spreads via the Internet as an attachment to infected messages.
The worm itself is a Windows PE EXE file, written in Microsoft Visual C++. It is approximately 16KB in size and packed using UPX. The unpacked file is approximately 140KB in size.
When launched, the worm recursively scans all disks, starting with C: for files with the following extensions:
adb
asp
cgi
dbx
dhtm
doc
eml
htm
html
jsp
msg
oft
php
pl
rtf
sht
shtm
tbb
txt
uin
vbs
wab
wsh
xml
It sends copies of itself to email addresses harvested from these files.
Installation
When launching, the worm copies itself to the Windows directory as Avprotect9x.exe. It then registers the full path to this file in the system registry:
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun:]
9xHtProtect = AVprotect9x.exe
This ensures that the worm will be launched each time Windows is started.
Infected messages
Message header;
Re: <%s> Approved
Re: <%s> Details
Re: <%s> Document
Re: <%s> Improved
Re: <%s> Information
Re: <%s> My details
Re: <%s> My document
Re: <%s> My file
Re: <%s> My information
Re: <%s> Requested document
Re: <%s> Requested file
Re: <%s> Your details
Re: <%s> Your document
Attachment name:
%s
articel_%s
detailed_%s
details_%s
doc_%s
document_%s
file_%s
improved_%s
message_%s
picture_%s
word_doc_%s
your_document_%s
your_file_%s
Message body:
%s is attached.
Authentification for %s required.
Details for %s.
Document %s.
I have attached your document %s."
I have received your document. The improved document %s is attached.
Please confirm the document %s.
Please read the attached file %s.
Please read the document %s.
Please read the important message msg_%s.
Please see the attached file %s for details.
Requested file %s.
See the file %s.
Your document %s is attached to this mail.
Your document %s is attached.
Your file %s is attached.
Signs of infection
The worm opens a group of several ports. The port numbers are increased incrementally across the whole group every few seconds. This behaviour makes it possible to detect the worm by using Kaspersky Anti-Hacker.



Top Viruses Visited Pages:
Invader. - 231 visits
not-a-virus:RiskWare.Tool.RegPatch. - 69 visits
Worm.P2P.Harex. - 63 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 55 visits
Small.58. - 55 visits
Coito.64 - 53 visits
I-Worm.Mapson. - 45 visits
Win32.Hidra - 41 visits
Win16.Klon.1177 - 40 visits
Marine.500 - 34 visits

Random Viruses Pages:
Hannibal.97
Massive.38
I-Worm.ZippedFiles (a.k.a. ExploreZip
I-Worm.Gand
Macro.Excel97/Word97.Shive
VCS Famil
DeathDragon.49
Backdoor.Cabrotor.10.
Macro.Word.Templ
Win95_Sot


 

© 2006-2008 spyware32.com - Privacy Policy