Aliases: Generic.dx, Virus.Win32.Netlip, Virus.Win32.Netlip, W32/Netlip-B, Worm:Win32/[email protected]
Variants: backdoor.drat.

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 13 Jul 2002
Damage: Low

Characteristics: W32.Netlip.Worm is a worm characterized as a “patcher” for it attaches itself to email messages each time that the user sends an email to anyone from a compromised computer. The author chose to write this worm in Microsoft Visual Basic (VB) programming language and is compressed using PELOCK. It affects all Windows Operating System namely Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP.

More details about W32.Netlip.Worm

It makes use of this email format in sending and propagating worm in its subject it states, “*** PUBLICIDAD ELECTRONICA.” This contains attachment also named almost the same as the subject which is, “PUBLINet.exe.” Once opened, the worm will display an image customized window box in full violet color saying, SICOM Net, Desarrollo de Sistemas de Informacion. Venta de partes y accesorios de Computadoras. Mantenimineto y Reparacion de equipos de Computacion. Instalacion y/o Configuracion de Redes de Computadoras. Diseno de Paginas WEB. Publicidad Electronica". The user will be prompt to click, “Acerca de…” button or enter “A” in the keyboard to execute the worm’s infection routine. This command to send the message. When it is clicked, it will show another normal window box message entitled “Aceptar de” while saying, “PUBLINet Version 0.7.0 Beta Descripcion: Software publicitario que viaja a traves de la red Internet. © SICOM Net – Sistemas Computacionales, 2002. E-mail: [email protected]” The user will then be prompt to clicked another button named as, “Aceptar.”

It is a program that consists of harmful attributes and can put an infected computer as well as other networked systems in danger. One of the most distinct attributes of the W32.Netlip.Worm program is its ability to provide an intruder with unauthorized access to a computer including the tool to control the said machine from a remote location. Once an access had been established, the intruder can now perform actions on the computer without the knowledge of the user. Some of the functions ascribed to the program include the execution of files, sending and receiving of files, removal of user data, and shutting down or rebooting of the computer.