Aliases: WORM_NETSKY.A
Variants: [email protected],
[email protected],
[email protected],
[email protected],
[email protected]
Classification: Malware
Category: Computer Worm
Status: Dormant
Spreading: Slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 16 Feb 2004
Damage: Low
Characteristics: This worm is part of a family of mass-mailing worms that use their own SMTP engine to send themselves to the email addresses they collect. Like other worms, it also browses all hard drives and mapped drives. It searches drives “C” through “Z” for folders whose names contain "Share" or "Sharing," and then copies itself to those folders. The sender (“from”) details and the attachments may take different forms.
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
It also retrieves email addresses from files with the following extensions: .msg, .oft, .sht, .dbx, .tbb, .adb, .doc, .wab, .asp, .uin, .rtf, .vbs, .html, .htm, .pl, .php, .txt and .eml. Reports also say that there are several bugs in the code; because of them, the worm searches a file for email addresses if its extension is a sub-string of one of the aforementioned extensions. It affects all Windows platforms. File creation and duplication is another characteristic of this worm. It also creates a mutex named “AdmMoodownJKIS003” so that only one instance of the worm runs at a time. The Windows directory is also modified: a copy of the worm named “Services.exe” is continuously added to it.
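The two file-system traces described above (a “Services.exe” copy in the Windows directory, and copies placed in folders whose names contain "Share" or "Sharing") can be checked with a short triage script. This is an added example, not part of the original write-up; the extension list, the case-insensitive matching and every sample file name except Services.exe are assumptions.

```python
import os
import tempfile

SHARE_MARKERS = ("share", "sharing")      # folder-name fragments named on the page
DROPPED_NAME = "services.exe"             # copy name named on the page
EXEC_EXTS = (".exe", ".scr", ".pif", ".com")  # assumption: file types worth reviewing


def windows_dir_copy(windows_dir):
    """Return the path of a Services.exe directly in the Windows directory, else None.
    The legitimate Windows services.exe lives in the System32 subfolder."""
    for name in sorted(os.listdir(windows_dir)):
        path = os.path.join(windows_dir, name)
        if name.lower() == DROPPED_NAME and os.path.isfile(path):
            return path
    return None


def share_folder_executables(root):
    """Return executables located directly in folders whose name contains Share/Sharing."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        folder = os.path.basename(dirpath).lower()
        if any(marker in folder for marker in SHARE_MARKERS):
            hits += [os.path.join(dirpath, f) for f in sorted(files)
                     if f.lower().endswith(EXEC_EXTS)]
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample drive layout; names other than Services.exe are made up."""
    for rel in ("Windows/System32/services.exe",   # legitimate location, not flagged
                "Windows/Services.exe",            # location described on the page
                "Users/a/My Shared Folder/sample_copy.exe",
                "Users/a/My Shared Folder/notes.txt",
                "Users/a/Documents/report.exe"):   # not inside a share folder
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample_tree(drive)
        print("Windows dir copy:", windows_dir_copy(os.path.join(drive, "Windows")))
        for hit in share_folder_executables(drive):
            print("Review:", hit)
```

A hit is only a lead for review: confirm it with an up-to-date scanner before deleting anything.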
The worm is a program with concealed malicious behavior that can raise serious security concerns for the user’s computer. Reports from the field claim that the worm’s primary attribute is its ability to create access that allows another party to remotely control or influence the user’s computer. The program usually opens a TCP port and sends a modified URL or email message to the hacker. The hacker then uses the port opened by the worm to access the computer. Once the hacker has gained access to the computer, the hacker can perform a number of actions on it without the user’s knowledge or consent: remotely modify files, remove files, run programs and even shut down or reboot the computer.