win32/netsky.b worm

Discussion in 'malware problems & news' started by Tatersalad, Jun 29, 2004.

Thread Status:
Not open for further replies.
  1. Tatersalad

    Tatersalad Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    76
    I've been getting the win32/netsky.b worm mailed to me twice a day now for a week. My question is: where are these coming from?
    Does this mean that somebody's computer with my email address got infected and it's sending itself out from there, and if so, why wouldn't I recognize the return path email? The return path is always different but the IP address stays the same. The body text is the randomly generated text that the netsky b worm uses, like "something for you" or "anything ok". Here are the properties of one.

    From - Mon Jun 28 08:57:52 2004
    X-UIDL: <20040628083845.DUSB26794.mta4.adelphia.net@adelphia.net>
    X-Mozilla-Status: 0001
    X-Mozilla-Status2: 10000000
    Return-Path: <lindahurst@tiscali.co.uk>
    Received: from adelphia.net ([212.179.48.84]) by mta4.adelphia.net
    (InterMail vM.6.01.03.02 201-2131-111-104-20040324) with SMTP
    id <20040628083845.DUSB26794.mta4.adelphia.net@adelphia.net>
    for <adelphia.net>; Mon, 28 Jun 2004 04:38:45 -0400
    From: lindahurst@tiscali.co.uk
    To: adelphia.net
    Subject: [virus Win32/Netsky.B worm] something for you
    Date: Mon, 28 Jun 2004 11:38:46 +0300
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="37784816"
    Message-Id: <20040628083845.DUSB26794.mta4.adelphia.net@adelphia.net>
    X-NOD32Result: Infected, Win32/Netsky.B worm


    --37784816
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    anything ok?


    __________ NOD32 1.796 (20040626) Notification __________

    Warning: NOD32 antivirus system found the following infiltrations in the message:
    part2.zip - Win32/Netsky.B worm - deleted
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,722
    Location:
    Texas


    A thread on Netsky.B HERE
     
  3. Tatersalad

    Tatersalad Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    76
    I'm not infected with the worm; nod32's IMON catches and deletes them from the zip attachment. I just want to know why it's being sent to me every day from a different email address with the same IP address. It started after I used IncrediMail's bounce to sender, which sends a fake undeliverable mail message to try to trick the spammer into thinking your email is invalid. Did I just piss someone off or is a friend's computer infected and sending out copies?
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,722
    Location:
    Texas

    I understand that bouncing email is not useful. It just lets them know you are there.

    netsky
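
Added example, not part of the original thread: a way to read the headers from the first post, separating the connecting IP that the recipient's own server wrote into the topmost Received line from the values the sending machine supplied (Return-Path, From, HELO name). The second sample message, the function names and the dictionary keys are constructed for illustration.

```python
import re
from collections import defaultdict
from email import message_from_string

# Constructed samples. The first reuses the Return-Path, HELO name and IP shown
# in the first post; the second sender address is a placeholder.
SAMPLES = [
    "Return-Path: <lindahurst@tiscali.co.uk>\n"
    "Received: from adelphia.net ([212.179.48.84]) by mta4.adelphia.net\n"
    "    with SMTP; Mon, 28 Jun 2004 04:38:45 -0400\n"
    "From: lindahurst@tiscali.co.uk\n\nanything ok?\n",
    "Return-Path: <placeholder@example.org>\n"
    "Received: from adelphia.net ([212.179.48.84]) by mta4.adelphia.net\n"
    "    with SMTP; Tue, 29 Jun 2004 04:40:02 -0400\n"
    "From: placeholder@example.org\n\nsomething for you\n",
]

# Matches the "from HELO ([IP]) by RECEIVER" shape used in the post's header.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(\[(?P<ip>[0-9.]+)\]\)\s+by\s+(?P<by>\S+)")


def first_hop(raw):
    """Return what the receiving server recorded versus what the sender claimed."""
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []
    if not received:
        return None
    # Topmost Received line = added by the recipient's server; unfold it first.
    m = RECEIVED_RE.search(" ".join(received[0].split()))
    if not m:
        return None
    return_path = (msg.get("Return-Path") or "").strip("<> ")
    helo, by = m["helo"].lower(), m["by"].lower()
    return {
        "ip": m["ip"],                      # observed by the receiver
        "return_path": return_path,         # supplied by the sender
        "helo_is_receivers_own_domain": by == helo or by.endswith("." + helo),
        "helo_matches_sender": helo == return_path.rpartition("@")[2].lower(),
    }


def group_by_ip(raws):
    """Map each connecting IP to the set of envelope senders it used."""
    groups = defaultdict(set)
    for hop in filter(None, map(first_hop, raws)):
        groups[hop["ip"]].add(hop["return_path"])
    return dict(groups)
```

One IP mapped to several unrelated Return-Path addresses shows that the addresses are sender-supplied, so they are not a reliable guide to which machine is sending the mail.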
     