W32.Netsky.Y@mm

W32.Netsky.Y@mm is a variant of W32.Netsky.X@mm that scans for the email addresses on all non-CD-ROM drives on an infected computer. Then, the worm uses its own SMTP engine to send itself to the email addresses that it finds.

The format of the email is:

Subject: Delivery failure notice (ID-<random number>)
Attachment: www.<random domain name>.<random username>.session-<random number>.com

This threat is compressed with PE-Pack.

---

Note:

• Symantec Consumer products that support Worm Blocking functionality automatically detect this threat as it attempts to spread.
• The worm has the MD5 hash value 0xbd9d6e41791e0703baf7ec8e61ee631e.
• Virus Definitions version 60420ah (extended version 4/20/2004 rev. 34) and greater are requred to detect this threat.

---

Protection

• Initial Rapid Release version April 20, 2004
• Latest Rapid Release version August 20, 2008 revision 017
• Initial Daily Certified version April 20, 2004
• Latest Daily Certified version January 20, 2009 revision 048
• Initial Weekly Certified release date April 20, 2004

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Medium
• Number of Infections: More than 1000
• Number of Sites: More than 10
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Moderate

Damage

• Damage Level: Medium

Distribution

• Distribution Level: High