[Dialogue] Virus reported under my name
WayneNelson
wnelson at ica-associates.ca
Sun May 23 23:08:20 EDT 2004
From
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.q@mm.html
The W32.Netsky.Q@mm worm:
* Is a mass-mailing worm that consists of two components: a dropper and
a mass-mailing component.
* Uses its own SMTP engine to send itself to the email addresses it
finds when scanning the disk drives.
* Uses the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
vulnerability
<http://www.microsoft.com/technet/security/bulletin/MS01-020.mspx> to
cause unpatched systems to auto execute the worm when reading or previewing
an infected message.
The From line of the email is spoofed, and its Subject line and message
body vary. The attachment name also varies and has a .exe, .pif, .scr, or
.zip file extension.
Notes:
* Symantec antivirus products that support Worm Blocking functionality
automatically detect this threat as it attempts to spread.
* The worm has an MD5 value of 0x04871d17dbbd1911afc76aad6d9dbd20.
* LiveUpdate virus definitions created March 28, 2004 (US Pacific Time)
which were released on March 29, 2004 (US Pacific Time) contain detection
for this threat.
* Symantec Security Response has developed a removal tool
<http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky@mm.removal.tool.html>
to clean the infections of W32.Netsky.Q@mm.
>Also Known As: W32/Netsky.Q@mm [McAfee], W32/Netsky-Q [Sophos], WORM NETSKY.Q
>[Trend], Win32.Netsky.Q [Computer Associates], I-Worm.NetSky.r [Kaspersky]
>Type: Worm
>Infection Length: 28,008 bytes
>Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT,
>Windows XP
>Systems Not Affected: Linux, Macintosh, OS/2, UNIX, Windows 3.x
******************
Wayne Nelson - ICA Associates - 416-691-2316
wnelson at ica-associates.ca
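
A mail-gateway style check for the attachment traits the quoted advisory lists, added here as an example (it is not part of the original post or of Symantec's write-up). The function names, the INLINE_TYPES list and the sample addresses are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment extensions the advisory lists for this worm.
RISKY_EXT = (".exe", ".pif", ".scr", ".zip")
# Directly executable subset of that list.
EXEC_EXT = (".exe", ".pif", ".scr")
# Assumption: top-level media types a mail client may try to render inline.
INLINE_TYPES = ("audio", "image", "video", "text")


def inspect_message(raw_bytes):
    """Return (filename, declared_type, reasons) for each suspicious part."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and containers carry no file name
        lowered = name.strip().lower()
        reasons = []
        if lowered.endswith(RISKY_EXT):
            reasons.append("risky-extension")
        # Executable name under a renderable media type: the header/content
        # mismatch that MS01-020 describes.
        if lowered.endswith(EXEC_EXT) and part.get_content_maintype() in INLINE_TYPES:
            reasons.append("mime-type-mismatch")
        if reasons:
            findings.append((name, part.get_content_type(), reasons))
    return findings


def build_sample(filename, maintype, subtype):
    """Constructed test message with one harmless attachment (placeholder bytes)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"   # constructed address
    m["To"] = "list@example.org"       # constructed address
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(b"placeholder", maintype=maintype, subtype=subtype,
                     filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for args in (("message.scr", "audio", "x-wav"),
                 ("data.zip", "application", "zip"),
                 ("notes.pdf", "application", "pdf")):
        print(args[0], inspect_message(build_sample(*args)))
```

Because the From line is spoofed, the check looks only at the attachment and ignores the sender.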