TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_NETSKY.C
Overview
Solution

Malware type: Worm

Aliases: Email-Worm.Win32.NetSky.c (Kaspersky), W32/Netsky.c@MM (McAfee), W32.Netsky.C@mm (Symantec), Worm/Netsky.C (Avira), W32/Netsky-C (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Description: 

This new NETSKY variant spreads via email using its own SMTP (Simple Mail Transfer Protocol) engine. It also drops several copies of itself in folders that have the string "shar" in their names and are located under the Windows directory. It drops copies with enticing file names and may successfully propagate via folders shared on various networks.

The email message it sends out has varying details. Below are screenshots of some of its email messages:

This is a sample email that the worm sends out.

This box displays a sample email that the worm sends out.

This box displays a sample email that the worm sends out.

If the current system date is February 26, 2004 and the time is between 6 and 9 AM, this malware generates beeping sounds.

Additionally, this worm disables other malware. It deletes the registry entries used by certain malware to automatically execute at system startup.

This memory-resident malware runs on Windows 95, 98, ME, NT, 2000, and XP.

For additional information about this threat, see:
Solution
Technical Details

Description created: Feb. 25, 2004 7:55:34 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.