
Tue 2 Mar 2004 04:00 AM


Worm recharges Mydoom

Kaspersky Labs has detected a new virus outbreak, caused by Netsky. The worm has several payloads, one of which deletes the registry keys of the internet worm Mydoom, which makes a protected PC vulnerable again to the worm.

Kaspersky Labs has detected a new virus outbreak, caused by Netsky.d, the fourth version of the internet worm Netsky (also known as Moodown.d). To date, numerous notifications of infected machines have already been received.

Given this, Kaspersky Labs recommends that all users update their anti-virus protection and familiarise themselves with the details of this malicious program.

Netsky.d spreads as an attachment to email messages. Infected messages come in a wide range of forms; the worm randomly selects the message heading from 25 possible headings, the message body from a list of six possible texts, and the attachment name from a selection of 21.

The attachment is a standard EXE program of approximately 17KB, but the attached file will have a fictitious .PIF extension. If a user is thoughtless enough to execute this file, the worm installs itself on the system and begins propagation.

During installation Netsky.d copies itself under the name WINLOGON.EXE to the Windows directory and registers this file in the system registry auto-run key. This ensures that the worm will be activated every time the operating system is started.
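The two artefacts described above, an executable hidden behind a .PIF extension and an auto-run entry that launches WINLOGON.EXE from the Windows directory, can be checked for mechanically. The Python below is an added example, not code from Kaspersky Labs or the original article; the sample entries, value names and the `C:\Windows` path are constructed, and it assumes the genuine winlogon.exe resides in the System32 subdirectory.

```python
import ntpath

def exe_path(command):
    """Extract the executable path from an auto-run command line."""
    cmd = command.strip().strip('"')
    end = cmd.lower().find(".exe")
    return ntpath.normpath(cmd[:end + 4]) if end != -1 else None

def suspicious_autoruns(entries, windows_dir=r"C:\Windows"):
    """Return (value name, path) for auto-run entries that start a
    WINLOGON.EXE located directly in the Windows directory.
    Assumption: the genuine file lives in System32, so a copy one
    level up that is registered for auto-run deserves investigation."""
    root = ntpath.normcase(ntpath.normpath(windows_dir))
    hits = []
    for value_name, command in entries:
        path = exe_path(command)
        if path is None:
            continue
        folder, filename = ntpath.split(path)
        if filename.lower() == "winlogon.exe" and ntpath.normcase(folder) == root:
            hits.append((value_name, path))
    return hits

def disguised_executables(attachments):
    """Return names of .pif attachments whose content starts with the
    'MZ' header used by Windows executables."""
    return [name for name, data in attachments
            if name.lower().endswith(".pif") and data[:2] == b"MZ"]

# Constructed sample data (not taken from a real infection).
SAMPLE_AUTORUNS = [
    ("ConstructedUpdater", r'"C:\Program Files\Vendor\updater.exe" /background'),
    ("ConstructedEntry", r"C:\WINDOWS\winlogon.exe"),
    ("ConstructedOther", r"C:\Windows\System32\winlogon.exe"),
]
SAMPLE_ATTACHMENTS = [
    ("constructed_name.pif", b"MZ\x90\x00" + b"\x00" * 60),
    ("notes.txt", b"plain text"),
    ("legacy_shortcut.pif", b"\x00constructed non-executable data"),
]

if __name__ == "__main__":
    for value_name, path in suspicious_autoruns(SAMPLE_AUTORUNS):
        print(f"auto-run value {value_name!r} launches {path}")
    for name in disguised_executables(SAMPLE_ATTACHMENTS):
        print(f"attachment {name!r} is an executable with a .pif extension")
```

Environment variables in command lines are not expanded here, so entries written with `%SystemRoot%` or `%windir%` need expanding before the comparison.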

In order to send messages, the worm scans files with extensions used by the most popular Internet applications (e.g. .wab, .eml, .doc, .html, .msg, etc.), harvests email addresses, and, unnoticed by the owner of the computer, sends copies of itself to these addresses. It should be noted that the worm uses its own built-in SMTP engine, thus avoiding the use of the email client installed on the victim computer. In this way, Netsky.d propagates via 23 proxy servers located across the globe.

Protection against Netsky.d has already been added to the Kaspersky® Anti-Virus database.
