LISTSERV - VICUG-L Archives - LISTSERV.ICORS.ORG

VICUG-L Archives

Visually Impaired Computer Users' Group List

VICUG-L@LISTSERV.ICORS.ORG

	LISTSERV Archives
	VICUG-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Condense Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Content-Type:	text/plain; charset=iso-8859-1
Sender:	"VICUG-L: Visually Impaired Computer Users' Group List" <[log in to unmask]>
Subject:	Netsky info
From:	Martin Courcelles <[log in to unmask]>
Date:	Wed, 3 Mar 2004 15:20:13 -0500
Content-Transfer-Encoding:	8bit
MIME-Version:	1.0
Reply-To:	[log in to unmask]
Parts/Attachments:	text/plain (105 lines)

Hello there:
Since I've been receiving many virus-filled emails in the last few days, I thought I'd send this info out for everyone to read.
This is the most recent version of netsky and this little worm is gettinger smarter everytime a new version comes out.
Grisoft has a utility which will remove this pesky thing for you if you think you are infected. I have run this utility and I am not one of the guilty ones.
http://www.grisoft.com/us/us_remtext.php?id=netsky
You can also find this info at:
www.grisoft.com
I've pasted info about this worm below.
I wish people had better things to do than bother with viruses.
There's always the conspiracy theory that it's the virus scanning companies putting out the viruses so to promote the purchase of their products.
Who knows.

Cheers,
Martin

I-Worm/Netsky.D

Installation:
When the worm is launched it copies itself as winlogon.exe to Windows Directory and registers itself as ICQ Net in Run key in Windows Registry.

Spreading: e-mail
Worm spreads by sending itself to e-mail addresses that are taken from files with dhtm, cgi, shtm, msg, oft, sht, dbx, tbb, adb, doc, wab, asp, uin, rtf,
vbs, html, htm, pl, php, txt and eml extension.

Message format is as following:
Sender address is faked.

Message subject could be as following:
Re: Your website
Re: Your product
Re: Your letter
Re: Your archive
Re: Your text
Re: Your bill
Re: Your details
Re: My details
Re: Word file
Re: Excel file
Re: Details
Re: Approved
Re: Your software
Re: Your music
Re: Here
Re: Re: Re: Your document
Re: Hello
Re: Hi
Re: Re: Message
Re: Your picture
Re: Here is the document
Re: Your document
Re: Thanks!
Re: Re: Thanks!
Re: Re: Document
Re: Document

Message body could be as following:
Your file is attached.
Please read the attached file.
Please have a look at the attached file.
See the attached file for details.
Here is the file.
Your document is attached.

Attachment message could be as following:
your_website.pif
your_product.pif
your_letter.pif
your_archive.pif
your_text.pif
your_bill.pif
your_details.pif
document_word.pif
document_excel.pif
my_details.pif
all_document.pif
application.pif
mp3music.pif
yours.pif
document_4351.pif
your_file.pif
message_details.pif
your_picture.pif
document_full.pif
message_part2.pif
document.pif
your_document.pif

On the 2nd of March 2004 worm produces random sounds on infected computer PC speaker.

Worm also contains this text:
be aware! Skynet.cz - -->AntiHacker Crew<--

*******************************************************
*** Life is all good! ***
*******************************************************

VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask] In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG