
SANS ISC: InfoSec Handlers Diary Blog - W32.Netsky.Q@mm Code indicates a DoS attack InfoSec Handlers Diary Blog



W32.Netsky.Q@mm Code indicates a DoS attack

Published: 2004-04-03
Last Updated: 2004-04-04 00:58:23 UTC
by Deborah Hale (Version: 1)

W32.Netsky.Q@mm


According to Symantec's Security Response website, the W32.Netsky.Q@mm
virus is set to perform a DoS attack next week. Here is an excerpt from
Symantec's website information:




If the system date is April 8th, 2004 through April 11th, 2004 it will
attempt to perform a Denial of Service (DoS) attack against the following
sites:




www.edonkey2000.com
www.kazaa.com
www.emule-project.net
www.cracks.am
www.cracks.st



This worm takes advantage of unpatched systems by exploiting the
"Incorrect MIME Header Can Cause IE to Execute E-mail Attachment"
vulnerability (Microsoft Security Bulletin MS01-020):

http://www.microsoft.com/technet/security/bulletin/MS01-020.mspx



Symantec has a removal tool available at:
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky@mm.removal.tool.html

If you are not absolutely sure that your computer is free from the Netsky
worm, you should download and run the removal tool on your computer.
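
As an added example (not from the diary or from Symantec), one way to triage proxy or DNS logs for hosts that may be infected, using the sites and dates in the Symantec excerpt above. The log format, the thresholds and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Hostnames and date window exactly as given in the Symantec excerpt above.
TARGETS = {"www.edonkey2000.com", "www.kazaa.com", "www.emule-project.net",
           "www.cracks.am", "www.cracks.st"}
WINDOW_START = datetime(2004, 4, 8)
WINDOW_END = datetime(2004, 4, 12)  # exclusive bound, so all of April 11th counts

def suspect_hosts(log_lines, min_sites=2, min_per_minute=30):
    """Map client IP -> reason for clients whose traffic to the listed sites
    during the window looks automated. Thresholds are assumed triage values."""
    sites = defaultdict(set)
    per_minute = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        try:
            ts = datetime.strptime(f"{parts[0]} {parts[1]}", "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        client, host = parts[2], parts[3].lower().rstrip(".")
        if host not in TARGETS or not WINDOW_START <= ts < WINDOW_END:
            continue
        sites[client].add(host)
        per_minute[client][ts.replace(second=0)] += 1
    flagged = {}
    for client, seen in sites.items():
        peak = max(per_minute[client].values())
        if len(seen) >= min_sites:
            flagged[client] = f"{len(seen)} listed sites contacted"
        elif peak >= min_per_minute:
            flagged[client] = f"{peak} requests in one minute"
    return flagged

# Constructed sample log (assumed format: date time client_ip hostname).
SAMPLE_LOG = [
    "2004-04-09 09:15:01 10.0.0.5 www.kazaa.com",
    "2004-04-09 09:15:01 10.0.0.5 www.cracks.am",
    "2004-04-09 09:15:02 10.0.0.5 www.emule-project.net",
    "2004-04-09 10:30:00 10.0.0.7 www.kazaa.com",   # one visit: not flagged
    "2004-04-07 23:59:59 10.0.0.9 www.cracks.am",   # before the window
    "2004-04-07 23:59:59 10.0.0.9 www.cracks.st",
    "truncated record",
] + [f"2004-04-10 14:03:{s:02d} 10.0.0.8 WWW.KAZAA.COM." for s in range(40)]

if __name__ == "__main__":
    for ip, reason in sorted(suspect_hosts(SAMPLE_LOG).items()):
        print(ip, reason)
```

Timestamps are compared as written in the log, so they should be in the same local time as the clients' system clocks, since the excerpt says the trigger is the system date.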




According to Trend Micro it also contains the following encrypted
internal text strings embedded within its code:




We are the only SkyNet, we don't have any criminal inspirations.
Due to many reports, we do not have any backdoors included for spam
relaying. and we aren't children. Due to this, many reports are wrong.

We don't use any virus creation toolkits, only the higher language
Microsoft Visual C++ 6.0. We want to prevent hacker, cracking, sharing
with illegal stuff and similar illegal content.
Hey, big firms only want to make a lot of money.
That is what we don't prefer. We want to solve and avoid it.
Note: Users do not need a new av-update, they need
a better education! We will envolope...

- Best regards, the SkyNet Antivirus Team, Russia 05:11 P.M -

For more information see:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.Q&VSect=T







Deb Hale
Handler on Duty

