Driver32.com
Information about the W32/Netsky.AB worm 4/24/2004
W32/Netsky.AB is a mass-mailing worm and a variant of W32/Netsky.Z. It infects Windows systems and
spreads through email. The infected email carries a spoofed 'From' address picked up from the
infected system.

The subject of the infected email will be one of the following:
Wow
Text
Hurts
Funny
Found
Money
Letter
Stolen
Privacy
Picture
Numbers
Criminal
Question
Password
Pictures
Only love?
Correction
More samples

The body of the infected email will be one of the following:
Still?
True love letter?
Does it hurt you?
How can I help you?
You have no chance...
Your pictures are good!
Hey, are you criminal?
Do you have asked me?
Do you have no money?
Please use the font arial!
Why do you show your body?
Wow! Why are you so shy?
Do you have more samples?
Are your numbers correct?
Do you have written the letter?
I've your password. Take it easy!
Do you have more photos about you?
I've found your creditcard. Check the data!
Please do not sent me your illegal stuff again!!!
The text you sent to me is not so good!

The infected email has one of the following attachments:
hurts.pif
abuses.pif
pin_tel.pif
image034.pif
your_bill.pif
visa_data.pif
your_text.pif
document1.pif
your_text01.pif
your_picture.pif
your_letter.pif
passwords02.pif
myabuselist.pif
loveletter02.pif
corrected_doc.pif
all_pictures.pif
your_letter_03.pif
your_picture01.pif
my_stolen_document.pif
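
The subjects and attachment names listed above can be turned into a mail-gateway check. The following is an added example, not part of the original alert: `check_message` and `build_sample` are hypothetical names, the sample messages are constructed, and quarantining every `.pif` attachment is an assumed local policy.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the alert text above.
SUBJECTS = {s.lower() for s in (
    "Wow|Text|Hurts|Funny|Found|Money|Letter|Stolen|Privacy|Picture|Numbers|"
    "Criminal|Question|Password|Pictures|Only love?|Correction|More samples"
).split("|")}
ATTACHMENTS = set((
    "hurts abuses pin_tel image034 your_bill visa_data your_text document1 "
    "your_text01 your_picture your_letter passwords02 myabuselist loveletter02 "
    "corrected_doc all_pictures your_letter_03 your_picture01 my_stolen_document"
).split())

def check_message(raw: bytes) -> dict:
    """Report which Netsky.AB mail indicators a raw message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    # Win32 path handling drops trailing dots and spaces: "x.pif." is still a PIF.
    names = [(p.get_filename() or "").lower().rstrip(". ") for p in msg.walk()]
    pif = [n for n in names if n.endswith(".pif")]
    known = [n for n in pif if n[:-4] in ATTACHMENTS]
    return {
        "subject_match": subject in SUBJECTS,
        "pif_attachments": pif,
        "known_names": known,
        # Assumption: local policy quarantines every .pif, listed name or not.
        "quarantine": bool(pif),
        "likely_netsky_ab": bool(known) and subject in SUBJECTS,
    }

def build_sample(subject: str, filename: str) -> bytes:
    """Constructed test message; the attachment is inert placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"] = "spoofed@example.com", "user@example.com"
    m["Subject"] = subject
    m.set_content("Your pictures are good!")
    m.add_attachment(b"constructed placeholder, not a real PIF",
                     maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, name in [("Hurts", "hurts.pif"), ("Minutes", "notes.txt")]:
        print(subj, name, check_message(build_sample(subj, name)))
```

Matching on the extension rather than only on the listed names keeps the rule useful against attachments whose names are not on the list.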

Upon execution of the infected attachment, the worm copies itself as csrss.exe in the Windows folder.
(On Windows NT-based systems the legitimate csrss.exe resides in the System32 subfolder, so a copy
directly in the Windows folder is suspect.) The worm also creates a mutex,
S-k-y-n-e-t--A-n-t-i-v-i-r-u-s-T-e-a-m, to check for the presence of the worm in system memory.
The worm modifies the registry at the following location to run itself at startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
To propagate itself, the worm scans files with the following extensions and collects all
available email addresses from the infected system:
.pl, .rtf, .oft, .txt, .uin, .jsp, .tbb, .cgi, .sht, .vbs, .doc, .dbx, .asp, .adb, .php, .htm,
.eml, .xml, .wab, .wsh, .msg, .html, .dhtm, .shtm
The worm mails itself to these addresses using its own SMTP engine.
This worm first appeared on April 28, 2004.
Other names of the W32/Netsky.AB worm:
This worm is also known as Win32.Netsky.AB, W32.Netsky.AB@mm, W32/Netsky.ab@MM, NetSky.AB,
W32/Netsky-AB
2004 Driver32 Corp.