Giorgius
29-03-2004, 15.04.20
Aliases:
W32.Netsky.Q@mm (Symantec), W32/Netsky-Q (Sophos)
Effects:
Due to an increase in the rate of submissions Symantec Security Response has upgraded W32.Netsky.Q@mm from a Category 2 threat to a Category 3 threat as of 29th March, 2004.
W32.Netsky.Q@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the disk drives.
The From line of the email is spoofed, and its Subject line and message body of the email vary. The attachment name varies with the .exe, .pif, .scr, or .zip file extension.
The worm uses the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability to cause unpatched systems to auto-execute the worm when reading or previewing an infected message.
W32.Netsky.Q@mm consists of 2 components: the dropper and the mass-mailer component, which is dropped as DLL and loaded by the dropper. The dropper is packed with Petite. The mass-mailer component (DLL) is packed with UPX.
Info:
http://www.symantec.com/avcenter/venc/data/w32.netsky.q@mm.html#technicaldetails
http://www.sophos.com/virusinfo/analyses/w32netskyq.html
http://www.alerta-antivirus.es/virus/detalle_virus.html?cod=3735&PHPSESSID=a292edef1398a3a32f18515c731a88c1
http://www.f-secure.com/weblog/#00000113
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101145
AntiVirus update as of 29/03/04 ;)(Y)
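A mail-gateway style check for the traits described above, as an added example that is not part of the original post or of any vendor write-up: it flags attachments with the listed extensions and, separately, attachments whose declared MIME type is an inline media type while the filename is directly executable. The function name, the reason labels, the set of inline media types and the sample message are assumptions made for illustration.

```python
import email
import os
from email import policy

LISTED_EXTS = {".exe", ".pif", ".scr", ".zip"}   # extensions named in the advisory
EXECUTABLE_EXTS = {".exe", ".pif", ".scr"}       # run directly on Windows; .zip is a container
INLINE_MAIN_TYPES = {"audio", "image", "video", "text"}  # assumption: types a client renders inline

def check_message(raw):
    """Return (filename, declared type, reasons) for each suspicious attachment."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and multipart containers carry no filename
        ext = os.path.splitext(name.strip().lower())[1]  # last extension decides
        reasons = []
        if ext in LISTED_EXTS:
            reasons.append("listed-extension")
        if ext in EXECUTABLE_EXTS and part.get_content_maintype() in INLINE_MAIN_TYPES:
            reasons.append("mime-mismatch")  # declared media type hides an executable
        if reasons:
            findings.append((name, part.get_content_type(), reasons))
    return findings

# Constructed sample message (not a captured worm e-mail); payloads are dummy text.
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: audio/x-wav; name="message.pif"
Content-Disposition: attachment; filename="message.pif"

AAAA
--b1
Content-Type: application/pdf; name="notes.pdf"
Content-Disposition: attachment; filename="notes.pdf"

AAAA
--b1--
"""
print(check_message(SAMPLE))
```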