Panda Software reports the appearance of Netsky.X - 04/20/2004]

Discussion in 'malware problems & news' started by Marianna, Apr 20, 2004.

Thread Status:
Not open for further replies.
  1. Marianna

    Marianna Spyware Fighter

    Apr 23, 2002
    B.C. Canada
    PandaLabs has detected the appearance of the W32/Netsky.X worm. This is
    another new variant of Netsky, which so far in 2004 has caused numerous
    incidents to computers around the world. Its propagation is on the increase,
    although it has yet to reach alarming proportions.

    Netsky.X is designed to spread, using its own SMTP engine, to as many
    computers as possible. It searches for e-mail addresses to send itself to in
    files with the following extensions: .eml, .txt, .php, .cfg, .mbx, .mdx,
    .asp, .wab, .doc, .vbs, .rtf, .uin, .shtm, .cgi, .dhtm, .adb, .tbb, .dbx,
    .pl, .htm, .html, .sht, .oft, .msg, .ods, .stm, .xls, .jsp, .wsh, .xml,
    .mht, .mmf, .nch and ppt.

    The X variant of Netsky is transmitted in a message with the following

    - The e-mail address of the sender is faked to confuse the recipient.

    - The message carrying the virus can appear in various languages depending
    on the country indicated in the domain of the recipient's e-mail address.
    So, if the domain is .de, .fi, .fr, .it, .no, .pl, .pt or .se, the message
    will be in German, Finnish, French, Italian, Norwegian, Polish, Portuguese
    or Swedish respectively. If there is a generic domain, the message is in
    English. Curiously, if the domain is .tc (Turks and Caicos Islands), the
    message includes the text "mutlu etmek okumak belgili tanimlik belge".

    - It includes a file with a .pif extension which contains the worm's code.
    The file size is 26,112 bytes and it is packed with "tElock".

    - Whatever the language, the text encourages the user to open the

    Netsky.X is programmed to carry out a denial of service attack between April
    28 and 30 2004, against, and

    More information on Netsky.X is available in Panda Software's Virus
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.