PandaLabs has detected the appearance of the new B variant of the Netsky worm (W32/Netsky.B.worm). This malicious code is very similar to the original worm and, according to Panda Software’s international technical support network, has already started causing incidents on users’ computers.
Netsky.B can reach a computer in files downloaded from the Internet or in an e-mail message whose subject, message body and attached file are selected at random from a list of options. For information on these options, consult Panda Software's Virus Encyclopedia.
Another characteristic of Netsky.B is that it spoofs the sender's address in order to trick the user into believing that the message has come from a reliable source and into running the attached file, which actually contains the worm. The icon of this file is the one typically associated with Microsoft Word documents.
When the attached file is run, the worm copies itself to the computer under the name services.exe and tries to copy itself to all the drives in the computer. It also sends itself out to all the addresses it finds in files with certain extensions stored on the computer. It does this using its own SMTP engine.
Netsky.B also copies itself to all the directories whose name contains the words ‘share’ or ‘sharing’ on any drive. By doing this, it can also spread through P2P applications like KaZaA, eMule, etc.
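Because the worm drops a copy of itself into every directory whose name contains ‘share’ or ‘sharing’, the same executable turning up in several such folders is a useful triage signal. The following Python sketch is an added example, not Panda Software's code: the function names, the ‘MZ’ header check and the sample folder tree are assumptions constructed for illustration.

```python
import hashlib, os, tempfile
from collections import defaultdict

SHARE_WORDS = ("share", "sharing")  # directory-name keywords quoted in the text

def is_share_dir(name):
    """True if a directory name contains one of the keywords (case-insensitive)."""
    lowered = name.lower()
    return any(word in lowered for word in SHARE_WORDS)

def looks_like_pe(path):
    """Cheap executable check (assumption of this example): file starts with 'MZ'."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False  # unreadable files are skipped, not treated as hits

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_replicated_executables(root, min_dirs=2):
    """Map sha256 -> sorted paths for executables found in >= min_dirs share-named dirs."""
    by_hash = defaultdict(set)
    for dirpath, _dirs, files in os.walk(root):
        if not is_share_dir(os.path.basename(dirpath)):
            continue
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and looks_like_pe(full):
                by_hash[sha256_of(full)].add(full)
    return {h: sorted(p) for h, p in by_hash.items()
            if len({os.path.dirname(x) for x in p}) >= min_dirs}

if __name__ == "__main__":
    # Constructed sample tree: one harmless stub copied into two share-named folders.
    with tempfile.TemporaryDirectory() as root:
        for folder, fname in (("My Shared Folder", "a.exe"), ("Sharing", "b.exe"), ("docs", "c.exe")):
            os.makedirs(os.path.join(root, folder))
            with open(os.path.join(root, folder, fname), "wb") as fh:
                fh.write(b"MZ constructed stub, not malware")
        for digest, paths in find_replicated_executables(root).items():
            print(digest[:16], *paths, sep="\n  ")
```

Grouping by hash rather than by file name means the check still works when each dropped copy carries a different name; legitimate installers shared in several folders will also match, so hits need review.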
Netsky.B inserts several entries in the Windows Registry and deletes any entries that may have been created by other malicious code, such as Mydoom.A and Mimail.T.
Due to the number of incidents involving Netsky.B that have been reported, Panda Software advises users to take extra precautions. The company has already made the updates to its products available to users to ensure their solutions can detect and eliminate this worm. Those whose software is not configured to update automatically should update their solutions from http://www.pandasoftware.com.
Similarly, users can also detect and disinfect this and other malicious code using the free, online antivirus, Panda ActiveScan, which is also available on the company’s website at http://www.pandasoftware.com.
More information on Netsky.B is available in Panda Software’s Virus Encyclopedia.
About PandaLabs
On receiving a possibly infected file, Panda Software's technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.
For more information:
Deborah Dupaix
d.dupaix@pandasoftware.be