TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_NETSKY.Q
Overview
Solution

Malware type: Worm

Aliases: W32.Netsky.Q@mm(Symantec), W32/Netsky-Q(Sophos), Email-Worm.Win32.NetSky.r(Kaspersky), Worm/Netsky.Q.Pk(Avira), W32/Netsky.corr (exact)(F-Prot), W32/Netsky.gen@MM(McAfee)

In the wild: Yes

Destructive: Yes

Language: English

Platform: Windows 95, 98, ME, NT, 2000, NT

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Description: (See also Overview Diagram)

This worm uses its own Simple Mail Transfer Protocol (SMTP) engine to propagate via email with varying subjects, message bodies, and attachment file names. It gathers email addresses from files with certain extension names in drives C to Z (except for CD-ROM drives).

It also uses the obtained addresses to spoof the From fields of the email messages it sends out.

It also exploits a known vulnerability affecting Internet Explorer involving incorrect MIME Header (MS01-020), which allows the automatic execution of email attachments while an email is read or previewed. More information on this vulnerability is available at:

It launches a Denial of Service (DoS) attack on several Web sites from April 8 to 11, 2004.

This malware is usually compressed using PeTite program, and is written in Visual C++ language.

It runs on Windows 95, 98, ME, NT, 2000, and XP.

Overview Diagram:

 

Spread Mechanism

Affected Software
 
Spread Mechanism 1
Affected Software 1
 
Spread Mechanism 2
Affected Software 2
 
Spread Mechanism 3
Affected Software 3
 

For additional information about this threat, see:
Solution
Technical Details

Description created: Mar. 28, 2004 10:54:46 PM GMT -0800
Description updated: Mar. 28, 2004 11:25:27 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.