Panda Software reports on the new Netsky.D worm - 03/01/2004

Discussion in 'malware problems & news' started by Marianna, Mar 1, 2004.

Thread Status:
Not open for further replies.
  1. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    - Panda Software reports on the new Netsky.D worm -
    Virus alerts, by Panda Software (http://www.pandasoftware.com)

    Madrid, March 1, 2004 - PandaLabs has detected the appearance of the new D
    variant of the Netsky worm (W32/Netsky.D.worm). This malicious code is very
    similar to its predecessor, Netsky.B, which has been the virus most
    frequently detected by the free online antivirus Panda ActiveScan over the
    last few days.

    Netsky.D reaches computers in an e-mail message whose subject, message body
    and attached file are selected at random from a list of options. For more
    details, consult Panda Software's Virus Encyclopedia.

    Netsky.D spreads by e-mail, sending itself out to all the addresses it finds
    in files with the extensions: .EML, .TXT, .PHP, .PL, .HTM, .HTML, .VBS, .RTF,
    .UIN, .ASP, .WAB, .DOC, .ADB, .TBB, .DBX, .SHT, .OFT, .MSG, .SHTM, .CGI, and
    .DHTM. To do this it uses its own SMTP engine. Unlike the C variant,
    Netsky.D launches eight simultaneous threads, which means that from each
    infected computer, it will send at least eight times more infected mails.

    Netsky.D deletes entries created by several worms, including Mydoom.A and
    Mimail.T. In addition, when the system date is March 2, 2004, the worm will
    make random noises between 6:00 and 8:59 in the morning.

    The appearance of Netsky.D comes in addition to that of the C, D, E, F and G
    variants of the Bagle worm, which appeared over the weekend. "Bagle.E, in
    particular, is causing incidents in computers around the world according to
    the data collected by Panda Software's international tech support network,"
    explains Luis Corrons, head of PandaLabs.

    Bagle.E spreads via e-mail in a message with an attached file -with an icon
    similar to Windows Notepad-, and with a name made up of random characters
    and the ZIP extension. When this file is run, the computer will be infected
    by the worm, which then searches for e-mail addresses in files with the
    following extensions: WAB, TXT, HTM, HTML, DBX, MDX, EML, NCH, MMF, ODS,
    CFG, ASP, PHP, PL, ADB and SHT. Bagle.E also terminates several processes
    belonging to security applications, leaving the computer vulnerable to
    future attack.

    Due to the possibility of incidents involving Bagle.C, Bagle.D or Bagle.E,
    Panda Software has made the free PQRemove utility available to detect and
    remove this malicious code. This tool can be downloaded from:
    http://www.pandasoftware.com/download/utilities.


    "With the waves of variants that are now appearing -such as Netsky.D and the
    Bagle 'family' which have appeared this weekend- it is probable that there
    are still more to come. For this reason, users should treat all e-mail
    received with caution and update their antivirus solutions as soon as
    possible," says Corrons.
     