Quick Links: SpywareGuide Greynets Blog | SpywareGuide Product Database | SpywareGuide Company Database | SpywareGuide Categories
Search SpywareGuide Database & Site
Security Email Alerts & Updates
SpywareGuide powered by FaceTime Security Labs
 
Full Name:
 NetSky Websearch   Read More
Type: Worm
Also Known as: Netsky.D
SG Index: 8 [Explain]
Removal tools: List of products that detect/remove/protect against NetSky:
  • Control IM and P2P use, block spyware and other malware: RTGuardian
  • Endpoint Spyware Remediation: Greynet Enterprise Manager
  • IM, P2P control, malware prevention and web filtering in single appliance: Unified Security Gateway
    		•
    Category Description: Virus-like program that spreads automatically to other computers by sending itself out by email or by any other means. A program that propagates itself by attacking other machines and copying itself to the affected machine.

    Worms have self-replicating code that travels from machine to machine by various means. A worms first objective is merely propagation. Worms can be destructive depending on what payload they have been given. Worms may replace files, but do not insert themselves into files.
    Comment: Netsky is a mass-mailing email worm that removes registry edits made by certain other worms, including MyDoom.A, MyDoom.B, Mimail.T, and Netsky.A. According to Adrian Gostin, BitDefender virus researcher, Netsky.D "is also programmed to play random sounds into the PC speaker of infected machines on the 2nd of March, between six and nine o' clock in the morning local time." Unlike Netsky.C, Netsky.D no longer enumerates via mapped network drives.

    Netsky.D harvests email addresses from .adb, .asp, .cgi, .dbx, .dhtm, .doc, .eml, .htm, .oft, .php, .pl, .rtf, sht, .shtm, .msg, .tbb, .txt, .uin, .vbs, and .wab files found on drives C through Z, with the exception of CD-ROM drives.

    Netsky.D uses an SMTP mailing routine similar to that of Sobig.F and MyDoom.A, using its own SMTP engine and querying the DNS server for the MX record, then connecting directly to the MTA of the targeted domain to send itself to recipients at that domain.
       
    Properties:
  •  Autostarts/Stays Resident
  •  Sends mail
  •  Stealth Tactics
    		•

    Click here to leave feedback for this product
    Help with the BUST!
    Become A Spyspotter!
    Bust the Bad Guys!
    Click here and give us what details you have and let our international research team take it from there. If you desire your report will remain anonymous.
    Recent Blog Posts
  • A Year In Security
  • Youtube Comment Bot Spams In Waves
  • VGA Awards Trailers Used As Bait For Spam Offers
  • Fake Visa Electronic Report Serves Up Zbot Data Stealer
  • Banned Console Owners Beat The System - With Stickers
  • Spot The Hack
  • The Futility Of EULAs
  • Auto Whaler Spears Phishers
  • Fake Porn Grabbers Snag Nothing But Malware
  • Console DDoS Botnets - A Thriving Industry
    • Recent Modifications
    2010-3-11  Email Threats
    2010-3-9  WeBuying
    2010-3-9  HappytoFind
    2010-3-5  PaintBrush
    2010-3-5  Downloader-Tadpu
    2010-3-4  Unclassified Trojans
    2010-3-2  ParisVoyeur
    2010-3-2  CoolWebSearch
    2010-2-23  Dialers
    2010-2-19  NetPumper 1.2
     

    Site EULA | Site Map | Contact Us | About Us | Site and Spyware FAQ | Advertise | RSS Feeds  | Link To Us | SpywareGuide Japan Japanese

    © Copyright 2007, FaceTime Communications, Inc. All rights reserved.