Worm.Win32.NetSky.D Alert!

If you can hear a beep melody between 6 and 9 am this morning, then your computer has been infected with the NetSky.D worm.

This new worm only spreads via email attachments. The attachment filename is randomly choosen but always ends with .PIF.

The subject is one of the following lines:

"Re: Re: Document"
"Re: Re: Thanks!"
"Re: Thanks!"
"Re: Your document"
"Re: Here is the document"
"Re: Your picture"
"Re: Re: Message"
"Re: Hi"
"Re: Hello"
"Re: Re: Re: Your document"
"Re: Here"
"Re: Your music"
"Re: Your software"
"Re: Approved"
"Re: Details"
"Re: Excel file"
"Re: Word file"
"Re: My details"
"Re: Your details"
"Re: Your bill"
"Re: Your text"
"Re: Your archive"
"Re: Your letter"
"Re: Your product"
"Re: Your website"

When the file is started, the worm installs itself on your PC to get activated each system startup. It also tries to deactivate installed antivirus software.

It seaches the harddisk for email addresses which are used to spread itself.

A more detailled analysis of the worm can be found in the a² Malware Database:
http://www.emsisoft.com/en/malware/?Worm.Win32.NetSky.D

Netsky.D can be detected and removed with a² with the latest signature updates loaded. The a² background guard blocks the worm immediately if it is started.

3/2/2004 - Discuss this article in the forum


How would you rate the quality of this content?
    Rating: 7.92/10
60 votes
Poor ⇒    ⇐ Outstanding

Spring Offer!

Don't miss this: To your bought 1-year license of Emsisoft Anti-Malware or Emsisoft Internet Security Pack or higher you can now get a free license of the CyberGhost Anonymizer for free.
Your advantage: Surf anonymously and visit websites that are restricted in your country.

Only a few days left! Order here

Best In Test!