#1
Type: Win32 worm

At the time of writing, Sophos has received just one report of this worm from the wild.

Description: W32/Netsky-R is a mass mailing worm. A detailed description will be published here shortly.

http://www.sophos.com/virusinfo/anal...32netskyr.html
__________________
Microsoft MVP - Consumer Security 2006 - 2010
#2
I-Worm/Netsky.R

Installation: When the worm is launched, it copies itself as sysmonxp.exe to the Windows directory and registers itself as sysmonxp in the Run key in the Windows Registry. The worm creates the firewallloger.txt file and the zipo0.txt, zipo1.txt, zipo2.txt, zipo3.txt, zippedbase64.tmp and base64.tmp help files in the same directory. Then it launches notepad.exe too.

Spreading: e-mail. The worm spreads by sending itself to e-mail addresses that are taken from files with the xml, wsh, jsp, msg, oft, sht, dbx, tbb, adb, dhtm, cgi, shtm, uin, rtf, vbs, doc, wab, asp, php, txt, eml, html, htm and pl extensions.

Message format is as follows: Sender address is faked. Message subject and body are variable. Message attachment name is random and could be a zip archive or have an executable extension.

http://www.grisoft.com/virbase/virba...6fda676cae3000
__________________
Microsoft MVP - Consumer Security 2006 - 2010
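A host triage check built from the installation indicators in the Grisoft description above, as an added example that is not part of the original posts or of either vendor's tooling. The input shapes (a dict of Run-key values and a list of Windows-directory file names), the function names and the sample data are assumptions constructed for illustration; the description does not say which hive holds the Run key, so the hive is carried as part of the input.

```python
import ntpath

# Indicators exactly as listed in the description quoted above.
WORM_EXE = "sysmonxp.exe"
RUN_VALUE = "sysmonxp"
DROPPED = {"firewallloger.txt", "zipo0.txt", "zipo1.txt", "zipo2.txt",
           "zipo3.txt", "zippedbase64.tmp", "base64.tmp"}

def run_target(command):
    """Return the lower-cased executable name from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        exe = command[1:].split('"', 1)[0]        # quoted path, arguments follow
    else:
        end = command.lower().find(".exe")        # unquoted path may hold spaces
        exe = command[:end + 4] if end != -1 else command.split(" ", 1)[0]
    return ntpath.basename(exe).lower()

def check_host(run_values, windir_files):
    """run_values: {(hive, value_name): command}; windir_files: names in %WINDIR%.

    Returns (verdict, findings). Windows names are case-insensitive, so every
    comparison is done on lower-cased strings.
    """
    findings = []
    for (hive, name), command in run_values.items():
        if name.lower() == RUN_VALUE or run_target(command) == WORM_EXE:
            findings.append(("run_key", f"{hive} Run value {name!r} -> {command}"))
    names = {f.lower() for f in windir_files}
    if WORM_EXE in names:
        findings.append(("worm_copy", WORM_EXE))
    for f in sorted(DROPPED & names):
        findings.append(("dropped_file", f))
    kinds = {kind for kind, _ in findings}
    # Persistence plus the copied binary is a strong match; a generic helper
    # name such as base64.tmp on its own only warrants a closer look.
    if {"run_key", "worm_copy"} <= kinds:
        verdict = "likely infected"
    elif kinds:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return verdict, findings

# Constructed sample triage data (not taken from a real host).
SAMPLE_RUN = {("HKLM", "sysmonxp"): r"C:\WINDOWS\sysmonxp.exe",
              ("HKCU", "ctfmon"): r"C:\WINDOWS\system32\ctfmon.exe"}
SAMPLE_FILES = ["notepad.exe", "SysMonXP.exe", "zipo0.txt", "base64.tmp", "win.ini"]

if __name__ == "__main__":
    print(check_host(SAMPLE_RUN, SAMPLE_FILES))
```
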