
Panda Software reports on the new Netsky.D worm - 03/01/2004

Feb 29, 2004 11:20PM PST

Madrid, March 1, 2004 - PandaLabs has detected the appearance of the new D variant of the Netsky worm (W32/Netsky.D.worm). This malicious code is very similar to its predecessor, Netsky.B, which has been the virus most frequently detected by the free online antivirus Panda ActiveScan over the last few days.

Netsky.D reaches computers in an e-mail message whose subject, message body and attached file are selected at random from a list of options. For more details, consult Panda Software's Virus Encyclopedia.

Netsky.D spreads by e-mail, sending itself out to all the addresses it finds in files with the extensions: .EML, .TXT, .PHP, .PL, .HTM, .HTML, .VBS, .RTF, .UIN, .ASP, .WAB, .DOC, .ADB, .TBB, .DBX, .***, .OFT, .MSG, .SHTM, .CGI, and .DHTM. To do this it uses its own SMTP engine. Unlike the C variant, Netsky.D launches eight simultaneous threads, which means that from each infected computer, it will send at least eight times more infected mails.

Netsky.D deletes entries created by several worms, including Mydoom.A and Mimail.T. In addition, when the system date is March 2, 2004, the worm will make random noises between 6:00 and 8:59 in the morning.

The appearance of Netsky.D comes in addition to that of the C, D, E, F and G variants of the Bagle worm, which appeared over the weekend. "Bagle.E, in particular, is causing incidents in computers around the world according to the data collected by Panda Software's international tech support network," explains Luis Corrons, head of PandaLabs.

Bagle.E spreads via e-mail in a message with an attached file (with an icon similar to Windows Notepad) and with a name made up of random characters and the ZIP extension. When this file is run, the computer will be infected by the worm, which then searches for e-mail addresses in files with the following extensions: WAB, TXT, HTM, HTML, DBX, MDX, EML, NCH, MMF, ODS, CFG, ASP, PHP, PL, ADB and ***. Bagle.E also terminates several processes belonging to security applications, leaving the computer vulnerable to future attack.

Due to the possibility of incidents involving Bagle.C, Bagle.D or Bagle.E, Panda Software has made the free PQRemove utility available to detect and remove this malicious code. This tool can be downloaded from:
http://www.pandasoftware.com/download/utilities.

"With the waves of variants that are now appearing -such as Netsky.D and the Bagle 'family' which have appeared this weekend- it is probable that there are still more to come. For this reason, users should treat all e-mail received with caution and update their antivirus solutions as soon as possible," says Corrons.

More information on Netsky.D and the C, D, E, F and G variants of Bagle is available in Panda Software's Virus Encyclopedia, at:

http://www.pandasoftware.com/virus_info/encyclopedia
