XP Maximized
Making Windows XP Work Better!

  WORM_NETSKY.P

This NETSKY worm spreads by sending out copies of itself as an email attachment using its built-in SMTP engine. It gathers target recipients from certain files found on the affected machine, virtually turning the affected system into a propagation launch pad.

Overall Risk Rating - Medium

Reported Infections - Medium
Damage Potential - High
Distribution Potential - High

Malware Type - Worm
Aliases: W32.Netsky.Q@mm, Win32/Netsky.P@mm, Worm/NetSky.P, W32/Netsky.P.worm
In the wild: Yes
Destructive: Yes
Language: English
Platform: Windows 95, 98, ME, NT, 2000, XP
Encrypted: No

The email it sends out has a spoofed sender's name, varying subjects, message bodies and attachments, and generally mimics email delivery notifications.

To extend its reach and maximize its distribution potential, this worm employs the following:

Social engineering

Like most mass-mailing worm programs, this worm employs social engineering to get through that most critical barrier to propagation, which is getting the target recipient to open the infected email and execute the attachment.

It uses an email message that takes the form of an email delivery notification (which is typical of most NETSKY worms) to trick the user into thinking that the email is from a valid source. Social engineering not only aids the worm in getting the target recipient to open the infected email, it also allows the worm to evade content filters or scanners.

Built-in SMTP engine

This worm also uses its built-in SMTP (Simple Mail Transfer Protocol) engine for easy propagation, allowing the worm to send email without having to rely on other email applications to spread. Most mass-mailing worm programs have built-in SMTP engines to facilitate easy propagation.

Incorrect MIME Header Vulnerability (MS01-020)

This worm also exploits the Incorrect MIME Header vulnerability to propagate. The vulnerability allows attachments to execute automatically while an email is viewed or previewed, and it affects Internet Explorer 5.1 and 5.5.

For a detailed discussion of the Incorrect MIME Header Vulnerability, please consult the following Microsoft page:

Microsoft Security Bulletin MS01-020
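
A mail-gateway style check for the header trick this vulnerability relies on, where an executable attachment is declared as an inline media type. This is an added example, not from the original page; the function name, extension list and sample message are constructed for illustration.

```python
from email import message_from_string

# Constructed for this example: extensions Windows runs directly, and
# top-level media types a mail client renders or plays inline.
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd"}
INLINE_MAIN_TYPES = {"audio", "image", "video", "text"}


def find_mime_mismatches(raw_message):
    """Return (filename, declared_type) for every part declared as inline
    media whose filename carries an executable extension."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.is_multipart():
            continue
        # Checks Content-Disposition filename=, then Content-Type name=.
        filename = part.get_filename()
        if not filename:
            continue
        # Windows ignores trailing dots and spaces, so strip them first.
        name = filename.lower().rstrip(" .")
        dot = name.rfind(".")
        ext = name[dot:] if dot != -1 else ""
        if ext in EXECUTABLE_EXTS and part.get_content_maintype() in INLINE_MAIN_TYPES:
            findings.append((filename, part.get_content_type()))
    return findings


# Constructed sample: a fake delivery notice whose "audio" part is a .pif.
SAMPLE = """\
From: postmaster@example.com
Subject: Mail Delivery (failure user@example.org)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Delivery failed; see attachment.
--b1
Content-Type: audio/x-wav; name="message.pif"
Content-Disposition: attachment; filename="message.pif"

AAAA
--b1--
"""

if __name__ == "__main__":
    for filename, ctype in find_mime_mismatches(SAMPLE):
        print(f"suspicious part: {filename!r} declared as {ctype}")
```

A part that honestly declares itself as application/octet-stream is not reported here; blocking executable attachments outright is a separate policy decision.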

This worm also tries to propagate via peer-to-peer networks by searching drives C to Z for folders whose names contain strings mostly associated with peer-to-peer applications.

It deletes several autorun registry entries to prevent the automatic execution of different variants of the following worms:

BAGLE
NACHI
MYDOOM
DEADHAT

This worm usually arrives UPX- and FSG-compressed to prevent easy detection. It runs on Windows 95, 98, ME, NT, 2000, and XP.

Copyright 2005, XPMaximized.com