Netsky virus

[pyrodude]

I keep rrecieving the netsky virus and luckily my email wont let it open. I just want to know what does it actually do. one of my friends says all it does is turn his computer off.

[John Prophet]

http://securityresponse.symantec.com...tsky.p@mm.html

---

W32.Netsky.P@mm (also known as W32.Netsky.Q@mm) is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.

The From line of the email is spoofed, and its Subject line and message body of the email vary. The attachment name varies with the .exe, .pif, .scr, or .zip file extension.

The worm uses the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability to cause unpatched systems to auto-execute the worm when reading or previewing an infected message.

This threat is compressed with FSG.


---

also http://www.trendmicro.com/vinfo/viru...=WORM_NETSKY.P

----

it basically looks like it just re-sends itself thru email..doesnt look like it does destructive things

----

Have you done all of your windows updates??

---

I also noticed this

It deletes several autorun registry entries in an attempt to prevent the automatic execution of BAGLE, NACHI, MYDOOM and DEADHAT worms. It also deletes certain registry keys.

lol..what is with that...I have seen this a few times lately...where the virus will try to disable other viruses....sort of funny..is that a competition thing or something between virus writers?
JP

[nomaxim]

Tell your friends that it will send itself to everyone in thier address book. One of them is more then likely sending it to you.

Quote:

lol..what is with that...I have seen this a few times lately...where the virus will try to disable other viruses....sort of funny..is that a competition thing or something between virus writers?

JP, that's been going on for awhile now. The writers of MyDoom, Netsky, and one other virus have been fighting a little ego war with these. Lines have been found hidden in the code saying things like, MyDoom- "Netsky blows", Netsky- " you others can't keep up." They have also been trying to remove each other. Script-kiddies, what can I say.

Additional Info: NAI (McAfee)

[John Prophet]

I noticed it the other nite while cleaning the "agobot" worm off a guys comp...from symantecs site--->

Attemps to kill all the running processes that other worms have dropped:
mspatch.exe
msblast.exe
scvhosl.exe
winhlpp32.exe
tftpd.exe
dllhost.exe
winppr32.exe

lol...then of course I got a major kick out of what else it did...

--->Steals CD keys of the following games:
Warcraft III
Soldier of Fortune II - Double Helix
Neverwinter
Westwood\Nox
Tiberian Sun
Red Alert 2
Red Alert
Project IGI 2
Command & Conquer Generals
Battlefield 1942 Secret Weapons of WWII
Battlefield 1942 The Road to Rome
Battlefield 1942
Rainbow Six III RavenShield
Nascar Racing 2003
Nascar Racing 2002
NHL 2003
NHL 2002
FIFA 2003
FIFA 2002
Need For Speed Hot Pursuit 2
The Gladiators
Unreal Tournament 2003
LoMaM
Counter-Strike
Half-Life



Thats hilarious

JP