F-Secure has warned users of the appearance of Netsky.U - the latest variant of the Netsky virus. According to the warning, the virus only works after 17/4 but is quite dangerous due to the backdoor feature to allow hackers to penetrate the user computer system.
& nbsp;
In essence, Netsky.U contains 94% of the code of previous versions. This variant is infected by email header Re: Hi, Re: Hi, Hello, Hey, It's me, Again ... and carry attached files (usually in .pif format). Once enabled, Netsky.U copied the file running EastAV.exe to the Windows directory, adding the key "SymAV" = "% WinDir% SynAV.exe" (WinDir only Windows default directory) at: HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun.
& nbsp;
Notably, the virus itself has the ability to scan email addresses stored on hard drives (except for the CD drive), open the back door at port 6789 (TCP protocol) and allow hackers to download. or execute malicious files on infected computers.
& nbsp;
Netsky also has the ability to deploy Denial of Service (DoS) attacks on a number of websites including cracks.am, kazaa.com, freemule.net, keygen.us . It is known that the time the virus was programmed to deploy the attack is from 14 to 23/4/2004.
& nbsp;
Solution: & nbsp;
& nbsp;
- Do not open attachments in suspicious emails
& nbsp;
- Temporarily block port 6789 if suspected computer has been infected
& nbsp;
- Update and run the latest antivirus software
