Bugsalert.com
Security News about Viruses, Spyware,
Trojans, Malware, XSS attacks.

WORM_NETSKY.D


This memory-resident worm uses its own SMTP engine to propagate via email. It sends email with the following details:

Subject: (any of the following)
Re: Approved
Re: Details
Re: Document
Re: Excel file
Re: Hello
Re: Here
Re: Here is the document
Re: Hi
Re: My details
Re: Re: Document
Re: Re: Message
Re: Re: Re: Your document
Re: Re: Thanks!
Re: Thanks!
Re: Word file
Re: Your archive
Re: Your bill
Re: Your details
Re: Your document
Re: Your letter
Re: Your music
Re: Your picture
Re: Your product
Re: Your software
Re: Your text
Re: Your website

Message Body: (any of the following)
Your file is attached.
Please read the attached file.
Please have a look at the attached file.
See the attached file for details.
Here is the file.
Your document is attached.

Attachment: (any of the following)
all_document.pif
application.pif
document.pif
document_4351.pif
document_excel.pif
document_full.pif
document_word.pif
message_details.pif
message_part2.pif
mp3music.pif
my_details.pif
your_archive.pif
your_bill.pif
your_details.pif
your_document.pif
your_file.pif
your_letter.pif
your_picture.pif
your_product.pif
your_text.pif
your_website.pif
yours.pif
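
The indicators listed above can be turned into a mail-filter check. The following is an added example, not part of the original advisory: the function name netsky_d_indicators is hypothetical, the sample message is constructed, and as a generalisation it strips any number of leading "Re:" prefixes before comparing the subject.

```python
import re
from email import message_from_string, policy

# Indicator values copied from the advisory's lists above.
SUBJECTS = {s.lower() for s in (
    "Approved|Details|Document|Excel file|Hello|Here|Here is the document|Hi|"
    "My details|Message|Your document|Thanks!|Word file|Your archive|Your bill|"
    "Your details|Your letter|Your music|Your picture|Your product|"
    "Your software|Your text|Your website").split("|")}
BODIES = {
    "your file is attached.", "please read the attached file.",
    "please have a look at the attached file.",
    "see the attached file for details.", "here is the file.",
    "your document is attached."}
ATTACHMENTS = set(  # file names without the .pif extension
    "all_document application document document_4351 document_excel "
    "document_full document_word message_details message_part2 mp3music "
    "my_details your_archive your_bill your_details your_document your_file "
    "your_letter your_picture your_product your_text your_website yours".split())

def netsky_d_indicators(raw):  # hypothetical helper name
    """Return which advisory indicators ('subject', 'body', 'attachment') match."""
    msg = message_from_string(raw, policy=policy.default)
    hits = set()
    subject = msg.get("Subject", "").strip()
    # Generalisation: accept one or more "Re:" prefixes, but require at least one.
    stripped = re.sub(r"^(re:\s*)+", "", subject, flags=re.I)
    if stripped != subject and stripped.lower() in SUBJECTS:
        hits.add("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and body.get_content().strip().lower() in BODIES:
        hits.add("body")
    for part in msg.iter_attachments():
        stem, _, ext = (part.get_filename() or "").lower().rpartition(".")
        if ext == "pif" and stem in ATTACHMENTS:
            hits.add("attachment")
    return hits

# Constructed sample message; the attachment payload is a harmless placeholder.
SAMPLE = (
    "From: a@example.com\nTo: b@example.com\nSubject: Re: Re: Document\n"
    "MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary=XX\n\n"
    "--XX\nContent-Type: text/plain\n\nYour file is attached.\n"
    "--XX\nContent-Type: application/octet-stream\n"
    "Content-Disposition: attachment; filename=\"document_word.pif\"\n"
    "Content-Transfer-Encoding: base64\n\ncGxhY2Vob2xkZXI=\n--XX--\n")
```

A message that matches all three indicators is a strong candidate for quarantine; a single match (a common subject such as "Re: Hi") is weak on its own.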

This worm drops a copy of itself as the file WINLOGON.EXE in the Windows folder. It creates a thread for searching email addresses, which it gathers from files with specific extensions, in drives C to Z (except for the CD-ROM drive).

(Note: On Windows NT, 2000 and XP, there is a normal application named WINLOGON.EXE in the Windows system folder.)

It connects to a local DNS server or to several external DNS servers, which it uses as its SMTP server, to search for a mail exchanger that matches the domain yahoo.com.

This malware arrives as a Petite-compressed executable file and is written using Microsoft Visual C++, a high-level programming language.

It runs on Windows 95, 98, ME, NT, 2000, and XP.

Note that one reported sample of this NETSKY variant sends the spammed email through BCC. For more information, see Other Details.




Original Source: http://feeds.trendmicro.com/~r/MalwareTop10/~3/141924588/default5.asp
