W32.Netsky@mm Mon, Feb 01 2010 |
Severity |
 |
|
Aliases: ,WORM_NETSKY.A [Trend] |
Infects: [Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP] |
| Description: |
W32.Netsky@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. This worm also searches drives C through Z for the folder names containing "Share" or "Sharing," and then copies itself to those folders.
Impact:
It uses its own SMTP engine to send itself to the email addresses it retrieves from the files whose extension is one of the following: .adb, .asp, .dbx, .doc, .eml, .htm, .html, .msg, .oft, .php, .pl, .rtf, .sht, .tbb, .txt, .uin, .vbs, and .wab.
Propagation:
It searches all the folders whose names contain "Share" or "Sharing" on drives C to Z, and then copies itself to the folder, if the drive is not the CD-ROM drive.
For Further Information:
http://www.symantec.com/norton/security_response/writeup.jsp?docid=2004-021615-4827-99 |
| Solution: |
Disable System Restore (Windows Me/XP).
Update the virus definitions of your antivirus product.
Run a full system scan.
Delete any values added to the registry. |
|
|
|
|
