| Comment: |
Netsky is a mass-mailing email worm that removes registry edits made by certain other worms, including MyDoom.A, MyDoom.B, Mimail.T, and Netsky.A. According to Adrian Gostin, BitDefender virus researcher, Netsky.D "is also programmed to play random sounds into the PC speaker of infected machines on the 2nd of March, between six and nine o' clock in the morning local time." Unlike Netsky.C, Netsky.D no longer enumerates via mapped network drives.
Netsky.D harvests email addresses from .adb, .asp, .cgi, .dbx, .dhtm, .doc, .eml, .htm, .oft, .php, .pl, .rtf, sht, .shtm, .msg, .tbb, .txt, .uin, .vbs, and .wab files found on drives C through Z, with the exception of CD-ROM drives.
Netsky.D uses an SMTP mailing routine similar to that of Sobig.F and MyDoom.A, using its own SMTP engine and querying the DNS server for the MX record, then connecting directly to the MTA of the targeted domain to send itself to recipients at that domain. |
8 [
