Discovered: April 20, 2004
Updated: February 13, 2007 12:21:38 PM
Also Known As: Win32.Netsky.X [Computer Assoc, W32/NetSky.X@mm [F-Secure], W32/Netsky.x@MM [McAfee], W32/Netsky.X.worm [Panda], W32/Netsky-Y [Sophos], WORM_NETSKY.X [Trend]
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
W32.Netsky.X@mm is a variant of
W32.Netsky.W@mm that scans for email addresses on all non-CD-ROM drives on the infected computer. Then, the worm uses its own SMTP engine to send itself to the email addresses that it finds.
The From line of the email is spoofed, and its Subject, Message, and Attachment vary. The attachment has a .pif extension.
This threat is compressed with tELock.
Note:
- Symantec Consumer products that support Worm Blocking functionality automatically detect this threat as it attempts to spread.
- The worm has a MD5 of 0X2EAF40E4458668823F0C522EC6F537B7
Antivirus Protection Dates
-
Initial Rapid Release version April 20, 2004
-
Latest Rapid Release version August 20, 2008 revision 017
-
Initial Daily Certified version April 20, 2004
-
Latest Daily Certified version August 20, 2008 revision 016
-
Initial Weekly Certified release date April 20, 2004
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
-
Wild Level: Low
-
Number of Infections: More than 1000
-
Number of Sites: More than 10
-
Geographical Distribution: Low
-
Threat Containment: Easy
-
Removal: Moderate
Damage
Distribution
Writeup By: Robert X Wang
Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
