WORM_NETSKY.Z
Overview

Malware type: Worm

Aliases: Email-Worm.Win32.NetSky.aa (Kaspersky), W32/Netsky.z@MM (McAfee), W32.Netsky.Z@mm (Symantec), Worm/Netsky.AA.1 (Avira), Mal/Packer (Sophos)

In the wild: Yes

Destructive: Yes

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This NETSKY variant propagates via email using its own SMTP (Simple Mail Transfer Protocol) engine. The email it sends out may have details similar to the following:

To: <recipient>
From: <spoofed email address>
Subject: Hello
Message Body: Important document
Attachment: important.zip

It gathers email addresses from files with certain extension names and uses them to spoof the "From:" field of the email. It randomizes the email's subject, message body and attachment name, drawing them from lists of specific strings and file names present in the malware code. For its propagation routine it may use several external DNS servers, which are hardcoded in its body.

This malware also has backdoor capabilities. It listens on port 665 for commands from remote users. Once an outside connection is established, the malware is able to download and execute files on infected systems.

It may also launch a denial of service (DoS) attack against the following Web sites:

  • www.educa.ch
  • www.medinfo.ufl.edu
  • www.nibis.de

It runs on Windows 95, 98, ME, NT, 2000 and XP.
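
As an added example (not Trend Micro's code), the three network behaviours described above, the port 665 listener, mail sent through the worm's own SMTP engine, and lookups against external DNS servers, can be checked against per-host connection records. The record format, host names, addresses and allow-lists are constructed assumptions; the description does not state the transport used on port 665, so the check matches that port regardless of protocol.

```python
from collections import defaultdict

BACKDOOR_PORT = 665  # listener port given in the description

# Constructed sample records, not real telemetry. Hypothetical format:
# host proto local_addr:port remote_addr:port state
SAMPLE = """\
ws-014 TCP 0.0.0.0:665 0.0.0.0:0 LISTENING
ws-014 TCP 10.0.4.14:1093 198.51.100.25:25 ESTABLISHED
ws-014 UDP 10.0.4.14:1101 203.0.113.53:53 -
ws-022 TCP 10.0.4.22:1188 10.0.0.5:25 ESTABLISHED
ws-022 UDP 10.0.4.22:1190 10.0.0.2:53 -
mail-01 TCP 10.0.0.5:2201 198.51.100.25:25 ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split 'addr:port' into (addr, int(port)); raises ValueError if malformed."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port)

def triage(log_text, smtp_relays, dns_resolvers, mail_servers=()):
    """Return {host: sorted findings} for the behaviours in the description.

    smtp_relays / dns_resolvers: addresses workstations are expected to use.
    mail_servers: hosts that legitimately deliver mail to outside MX hosts.
    """
    findings = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        host, _proto, local, remote, state = parts
        try:
            _, lport = split_endpoint(local)
            raddr, rport = split_endpoint(remote)
        except ValueError:
            continue
        if state == "LISTENING" and lport == BACKDOOR_PORT:
            findings[host].add("listener on port 665")
        elif rport == 25 and host not in mail_servers and raddr not in smtp_relays:
            # A workstation talking SMTP past the relay suggests its own mail engine.
            findings[host].add("direct SMTP to " + raddr)
        elif rport == 53 and raddr not in dns_resolvers:
            # Lookups that bypass the approved resolver (hardcoded external DNS).
            findings[host].add("DNS to unapproved resolver " + raddr)
    return {h: sorted(f) for h, f in findings.items()}

if __name__ == "__main__":
    print(triage(SAMPLE, {"10.0.0.5"}, {"10.0.0.2"}, {"mail-01"}))
```

A host showing all three findings together, as ws-014 does in the constructed sample, is a stronger signal than any single one.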


Description created: Apr. 21, 2004 10:00:16 AM GMT -0800
Description updated: Apr. 26, 2004 7:48:36 PM GMT -0800
