cancel
Showing results for 
Search instead for 
Did you mean: 

Virus Information Update on W32/Netsky.P

N/A

Virus Information Update on W32/Netsky.P

W32/Netsky.P spreads on trigger date

MessageLabs, the leading provider of managed email security services to business, is warning computer users against W32/Netsky.P, the latest in a long line of Netsky variants. W32/Netsky.P was scheduled to begin mass mailing on 24th March 2004; MessageLabs has intercepted over 200,000 copies of the worm to date.

Name: W32/Netsky.P-mm
Number of copies intercepted so far: 200,000 +
Time & Date first Captured: 21st March 2004, 9.00 GMT

General

W32/Netsky.P is a mass mailing email worm that contains its own SMTP engine and harvests email addresses from infected machines in order to spread.

W32/Netsky-P also tries to delete registry entries that have been made by the W32/Mydoom and W32/Bagle worms.

Email characteristics

Subject line: Various, including:

Re: Re:
Re: Encrypted Mail
Re: Extended Mail
Re: Status
Re: Notify
Re: SMTP Server
Re: Mail Server
Re: Delivery Server
Re: Bad Request
Re: Failure
Re: Thank you for delivery
Re: Test
Re: Administration
Re: Message Error
Re: Error
Re: Extended Mail System
Re: Secure SMTP Message
Re: Protected Mail Request
Re: Protected Mail System
Re: Protected Mail Delivery
Re: Secure delivery
Re: Delivery Protection
Re: Mail Authentification

Text: Various, including:

Please confirm my request.
ESMTP [Secure Mail System #334]: Secure message is attached.
Partial message is available.
Waiting for a Response. Please read the attachment.
First part of the secure mail is available.
For more details see the attachment.
For further details see the attachment.
Your requested mail has been attached.
Protected Mail System Test.
Secure Mail System Beta Test.
Forwarded message is available.
Delivered message is attached.
Encrypted message is available.
Please read the attachment to get the message.
Follow the instructions to read the message.
Please authenticate the secure message.
Protected message is attached.
Waiting for authentification.
Protected message is available.
Bad Gateway: The message has been attached.
SMTP: Please confirm the attached message.
You got a new message.
Now a new message is available.
New message is available.
You have received an extended message. Please read the instructions.

Attached file: Various.

The email also contains a spoofed disclaimer in an attempt to lure users into a false sense of security. The disclaimer may be one of the following:

+++ Attachment: No Virus found
+++ MessageLabs AntiVirus - www.messagelabs.com

+++ Attachment: No Virus found
+++ Bitdefender AntiVirus - www.bitdefender.com

+++ Attachment: No Virus found
+++ MC-Afee AntiVirus - www.mcafee.com

+++ Attachment: No Virus found
+++ Kaspersky AntiVirus - www.kaspersky.com

+++ Attachment: No Virus found
+++ Panda AntiVirus - www.pandasoftware.com

++++ Attachment: No Virus found
++++ Norman AntiVirus - www.norman.com

++++ Attachment: No Virus found
++++ F-Secure AntiVirus - www.f-secure.com

++++ Attachment: No Virus found
++++ Norton AntiVirus - www.symantec.de