Panda Software reports the appearance of Netsky.X - 04/20/2004]

Discussion in 'malware problems & news' started by Marianna, Apr 20, 2004.

Thread Status:
Not open for further replies.
  1. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    PandaLabs has detected the appearance of the W32/Netsky.X worm. This is
    another new variant of Netsky, which so far in 2004 has caused numerous
    incidents to computers around the world. Its propagation is on the increase,
    although it has yet to reach alarming proportions.

    Netsky.X is designed to spread, using its own SMTP engine, to as many
    computers as possible. It searches for e-mail addresses to send itself to in
    files with the following extensions: .eml, .txt, .php, .cfg, .mbx, .mdx,
    .asp, .wab, .doc, .vbs, .rtf, .uin, .shtm, .cgi, .dhtm, .adb, .tbb, .dbx,
    .pl, .htm, .html, .sht, .oft, .msg, .ods, .stm, .xls, .jsp, .wsh, .xml,
    .mht, .mmf, .nch and ppt.

    The X variant of Netsky is transmitted in a message with the following
    characteristics:

    - The e-mail address of the sender is faked to confuse the recipient.

    - The message carrying the virus can appear in various languages depending
    on the country indicated in the domain of the recipient's e-mail address.
    So, if the domain is .de, .fi, .fr, .it, .no, .pl, .pt or .se, the message
    will be in German, Finnish, French, Italian, Norwegian, Polish, Portuguese
    or Swedish respectively. If there is a generic domain, the message is in
    English. Curiously, if the domain is .tc (Turks and Caicos Islands), the
    message includes the text "mutlu etmek okumak belgili tanimlik belge".

    - It includes a file with a .pif extension which contains the worm's code.
    The file size is 26,112 bytes and it is packed with "tElock".

    - Whatever the language, the text encourages the user to open the
    attachment.

    Netsky.X is programmed to carry out a denial of service attack between April
    28 and 30 2004, against www.nibis.de, www.medinfo.ufl.edu and www.educa.ch.

    More information on Netsky.X is available in Panda Software's Virus
    Encyclopedia.
     
Loading...
Thread Status:
Not open for further replies.