Virus Alert: W32/Netsky-S

W32/Netsky-S is a worm that functions as a backdoor, allowing unauthorized execution of binary code on infected machines. W32/Netsky-S is also programmed to launch denial-of-service attacks against certain web sites in the near future.

Virus Name: W32/Netsky-S

Type: Win32 worm

Date appeared: 05/4/2004

Description:

- W32/Netsky-S is a worm with backdoor functionality. The worm copies itself into the Windows directory under the name EasyAV.exe and creates a file named uinmzertinmds.opm (the worm in base64-encoded form).

- To run automatically when the system boots, the worm creates the following value in the registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\EasyAV =
<Windows>\EasyAV.exe

- W32/Netsky-S has a backdoor component that listens for connections on port 6789/TCP, allowing binary code to be loaded and executed on infected computers without authorization.

- The worm collects e-mail addresses on the system from files with the following extensions:

SHT, ADB, TBB, WAB, DBX, OFT, DOC, MSG

- E-mail sent by W32/Netsky-S has the following characteristics:

Subject:


Hello
Re: Hi
Re: Hello
Approved
Re: Approved
Thank you!
Re: Thanks you!
Request
Re: Request
Your document
Re: Your document
Your details
Re: Your details
Your information
Re: Your information
My details
Important
Re: Important

Message body:


Hello!

Please read the <name of the attachment>.
Please have a look at the <name of the attachment>.
Here is the <name of the attachment>.
The <name of the attachment> is attached.
Please see the <name of the attachment>.
I have sent the <name of the attachment>.
The requested <name of the attachment> is attached!
Here is the document.
See the document for details.
Please have a look at the attached document.
Please read the attached file.
Your file is attached to this mail.
Please, <name of attachment>.
Your <name of attachment> is attached.
My <name of attachment> is attached.
I have found the <name of the attachment>.
Approved, here is the document.
For more information see the attached document.
For more details see the attached document.
Please read quickly.
Please note the attached document.
Please notice the attached <name of the attachment>.
Your <name of attachment>.
I have spent much time on your document.
I have spent much time on the <name of the attachment>.
The <name of the attachment>.
My <name of attachment>.
Note that I have attached your document.

Thanks
Thank you
Yours sincerely

+++ X-Attachment-Type: document
+++ X-Attachment-Status: no virus found
+++ Powered by the new Panda OnlineAntiVirus
+++ Website: www.pandasoftware.com

+++ X-Attachment-Type: document
+++ X-Attachment-Status: no virus found
+++ Powered by the new MCAfee OnlineAntiVirus
+++ Homepage: www.mcafee.com

+++ X-Attachment-Type: document
+++ X-Attachment-Status: no virus found
+++ Powered by the new F-Secure OnlineAntiVirus'
+++ Visit us: www.f-secure.com

Attachments:

approved_file
letter
corrected_document
archive
abuse_list
presentation_document
instructions
details
improved_document
note
message
contact_list
number_list
file
secound_document
improved_file
user_list
textfile
new_document
text
information
info
word_document
excel_document
powerpoint_document
detailed_document
homepage
letter
mail
document
old_document
approved_document
movie_document
picture_document
summary
description
requested_document
notice
bill
answer
release
final version
diggest
important_document
order
photo_document
personal_message
phone_number
e-mail
icq number
report
story
concept
developement
sample
postcard
account

- Attachment names are usually combined with a random number and have a .PIF extension.

- Between April 14 and April 4, W32/Netsky-S will launch a DoS attack on the following websites:

www.cracks.am
www.emule.de
www.kazaa.com
www.freemule.net
www.keygen.us
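
The e-mail characteristics listed above (subject line, listed attachment name plus a number with a .PIF extension, fake scanner footer) can be checked together at a mail gateway or during mailbox triage. The following is an added example, not part of the original alert. The function names, the abbreviated attachment-name subset, the reading of "random number" as trailing digits, and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string

# Subject lines as listed in the alert (compared case-insensitively).
SUBJECTS = {s.lower() for s in (
    "Hello|Re: Hi|Re: Hello|Approved|Re: Approved|Thank you!|Re: Thanks you!|"
    "Request|Re: Request|Your document|Re: Your document|Your details|"
    "Re: Your details|Re: Your information|My details|Important|Re: Important"
).split("|")}
# Abbreviated subset of the attachment base names listed in the alert.
BASE_NAMES = {"approved_file", "letter", "corrected_document", "archive",
              "details", "document", "important_document", "report", "bill"}
# Assumption: the attachment is named <listed name><digits>.pif
ATTACH = re.compile(r"^(?P<base>.+?)\d+\.pif$", re.I)
FAKE_SCANNER_FOOTER = re.compile(
    r"^\+\+\+ X-Attachment-Status: no virus found", re.M)

# Constructed sample message (not a captured specimen).
SAMPLE = """Subject: Re: Your document
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please read the important_document.
+++ X-Attachment-Status: no virus found
--b1
Content-Disposition: attachment; filename="important_document4711.pif"

placeholder
--b1--
"""

def netsky_s_indicators(raw):
    """Return which of the alert's e-mail indicators one raw message matches."""
    msg, hits = message_from_string(raw), set()
    if (msg.get("Subject") or "").strip().lower() in SUBJECTS:
        hits.add("subject")
    for part in msg.walk():
        name = part.get_filename()
        m = ATTACH.match(name.strip()) if name else None
        if m and m.group("base").lower() in BASE_NAMES:
            hits.add("attachment")
        elif not name and part.get_content_type() == "text/plain":
            body = (part.get_payload(decode=True) or b"").decode("latin-1")
            if FAKE_SCANNER_FOOTER.search(body):
                hits.add("footer")
    return hits

def looks_like_netsky_s(raw):
    """True when the .PIF name pattern and at least one other indicator match."""
    hits = netsky_s_indicators(raw)
    return "attachment" in hits and len(hits) >= 2
```

A subject match alone is not flagged, since subjects such as "Hello" or "Important" are common in legitimate mail.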