Discovered: February 18, 2004
Updated: February 13, 2007 12:17:41 PM
Also Known As: W32/Netsky.b@MM [McAfee], W32/Netsky.B.worm [Panda], WORM_NETSKY.B [Trend Micro], Moodown.B [F-Secure], I-Worm.Moodown.b [Kaspersky], I-Worm.NetSky.b [Kaspersky], W32/Netsky-B [Sophos], Win32.Netsky.B [Computer Assoc
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
Due to a decreased rate of submissions, Symantec Security Response has downgraded W32.Netsky.B@mm from a Category 3 to a Category 2 as of May 12, 2004.
W32.Netsky.B is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. This worm also searches drives C through Z for folder names containing "Share" or "Sharing," and then copies itself to those folders.
The Subject, Body, and email attachment vary.
Translations of this Document:
Given the time required to translate documents into other languages, the translated versions of this document may vary in content if the English document was updated with new information during the translation process. The English document always contains the most up-to-date information.
Available translations:
German
French
Italian
Portuguese
Spanish
Korean
Japanese
Simplified Chinese
Traditional Chinese
Protection
-
Initial Rapid Release version February 18, 2004
-
Latest Rapid Release version July 27, 2009 revision 085
-
Initial Daily Certified version February 18, 2004
-
Latest Daily Certified version July 27, 2009 revision 073
-
Initial Weekly Certified release date February 18, 2004
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
-
Wild Level: Medium
-
Number of Infections: More than 1000
-
Number of Sites: More than 10
-
Geographical Distribution: Medium
-
Threat Containment: Easy
-
Removal: Moderate
Damage
Distribution
Writeup By: Fergal Ladley