WORM_NETSKY.D
This worm drops a copy of itself as the file WINLOGON.EXE in the Windows folder. It creates a thread for searching email addresses, which it gathers from files with specific extensions, in drives C to Z (except for the CD-ROM drive).
(Note: On Windows NT, 2000 and XP, there is a normal application named WINLOGON.EXE in the Windows system folder.)
Overall risk rating: Low
Reported infections: Low
Damage potential: High
Distribution potential: High
| |
It connects to a local or several external DNS servers, which it uses as its SMTP server, to search for a mail exchanger that matches the domain yahoo.com.
This malware arrives as a Petite-compressed executable file and is written using Microsoft Visual C++, a high-level programming language.
It runs on Windows 95, 98, ME, NT, 2000, and XP.
Jan 25 - 
01:02 PM PT | filed under Antivirus & Security | 
Printer-friendly version
Related articles in Antivirus & Security |
