Aliases: I-Worm.Netav
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Fast
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 15 Jul 2002
Damage: Low

Characteristics: W32.Netav.Worm belongs to a family of mass-mailing worm which makes use of its own SMTP engine in transmitting its infection to email addresses saved in the Microsoft Windows Address Book contacts. It also affects files with extensions that contain "htm.” Visible symptoms include showing a detailed message subject stating,” Hello,” For you.” Try it” and “Re:” While the message body comes in various formats also which states, “Hi,”Here is what you asked, bye,”Hello,”Maybe you could help me with this, bye, “Hello” and “Now you can try it, bye.”

More details about W32.Netav.Worm

The attachments in these messages vary from these files: Setup.exe, mHgame.exe, Mininet.exe and Netav.exe. It also displays a window box entitled as “Setup”. While inside the box, it says, “This files does not work on this system". The user will be prompt to click on “Ok” button. If the user presses the “Ok” button, it will copy an infected file named as “Netav.exe” in windows system directory folders. All platforms of windows are vulnerable to this Trojan, may it be Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP.

Through the W32.Netav.Worm program, the hacker (its author) has unlimited power to control the computer. The hacker may delete files, modify system settings, install spying programs, disable applications, and use the compromised machine for Web server attacks. Another common malicious capability of this worm is downloading unwanted and unsolicited files. These files may vary from the least annoying adware to the most dangerous worms. It may also be responsible for installing these malware to the infected computer. Moreover, the W32.Netav.Worm program can distribute these threats to connected computers using the compromised machine. Usually, malware similar to this use spam messages, P2P applications and websites to send out threats.