Originally discovered in March of 2004, the
virus named by Symantec as W32.Netsky.p@mm has recently started making the rounds on
the Internet, infecting Windows-based computers.
This piece of malicious software is technically classified
as a worm and is also known as W32/Netsky.p@MM (McAfee), W32/Netsky-P (Sophos),
WORM_NETSKY.P (Trend Micro), and NetSky.P (F-Secure). Like most prolific viruses, this one
is also a mass mailer, meaning it harvests email addresses on your system and then, using
its own email engine, sends out copies of itself to those addresses.
To complete the infection of a system, Netsky first
distributes copies of itself in various system directories in the form of temporary,
dynamic-link library, and executable files. It also makes changes to registry keys,
setting itself up to run transparently in the background as a service. Once executed, it starts
a built-in mail server and begins sending out emails.
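
Because the worm sends mail with its own engine, an infected workstation opens SMTP connections itself instead of handing mail to the site's relay, and that shows up in firewall logs. The following is an added example, not part of the original article or of any vendor tool; the log format, addresses, relay list and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed firewall log (not real traffic): time, source, destination, port, action.
SAMPLE_LOG = """\
2004-03-22T10:00:01 10.0.0.5 10.0.0.2 25 ALLOW
2004-03-22T10:00:03 10.0.0.2 192.0.2.10 25 ALLOW
2004-03-22T10:00:07 10.0.0.7 192.0.2.10 25 ALLOW
2004-03-22T10:00:08 10.0.0.7 198.51.100.20 25 ALLOW
2004-03-22T10:00:08 10.0.0.7 198.51.100.20 25 ALLOW
2004-03-22T10:00:09 10.0.0.7 203.0.113.30 25 DENY
2004-03-22T10:00:11 10.0.0.9 192.0.2.10 25 ALLOW
2004-03-22T10:00:12 10.0.0.9 192.0.2.80 80 ALLOW
-- log rotated --
"""

APPROVED_RELAYS = {"10.0.0.2"}  # assumption: the site's only sanctioned mail relay
SMTP_PORT = 25
THRESHOLD = 3  # assumption: distinct SMTP destinations before a host is flagged


def parse_line(line):
    """Return (src, dst, port) or None for lines that do not match the format."""
    parts = line.split()
    if len(parts) != 5 or not parts[3].isdigit():
        return None
    return parts[1], parts[2], int(parts[3])


def find_direct_smtp_senders(log_text, relays=APPROVED_RELAYS, threshold=THRESHOLD):
    """Map each non-relay host to the distinct hosts it contacted on port 25
    directly, keeping only hosts that reached `threshold` or more."""
    destinations = defaultdict(set)
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue  # skip malformed or non-connection lines
        src, dst, port = record
        # Mail sent through the relay, and the relay's own deliveries, are normal.
        if port != SMTP_PORT or src in relays or dst in relays:
            continue
        # Denied attempts count too: the host still tried to send mail itself.
        destinations[src].add(dst)
    return {s: sorted(d) for s, d in destinations.items() if len(d) >= threshold}


if __name__ == "__main__":
    for host, targets in find_direct_smtp_senders(SAMPLE_LOG).items():
        print(f"{host} opened SMTP sessions to {len(targets)} hosts: {targets}")
```
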
If you are not using antivirus software (now is the perfect
time to get one of the free or commercially available offerings), or if the package you are
using failed to properly detect and sanitize the outbreak of Netsky, there are some freely
available tools from the major antivirus vendors that will quickly and easily do the job
for you.
Symantec Removal Tool: http://www.symantec.com/security_response/writeup.jsp?docid=2004-021816-1759-99
Sophos Resolve: http://www.sophos.com/support/disinfection/netskyb.html
McAfee Stinger: http://vil.nai.com/vil/stinger/
F-Secure F-Netsky: http://www.f-secure.com/tools/f-netsky.zip
After using one of the above cleanup tools (be sure to
follow the included documentation) your system should be left squeaky clean. At this point
it would also be a good idea to run a thorough scan of your system for any other viruses
or malware that may be lurking about.