The new version is programmed to perform denial of service attacks on peer-to-peer networks (P-to-P). It contains a blaming message to users who contributed to the spread of the virus and claims the author of the worm wants to end hacking and illegal file trading.
According to F-Secure, NetSky.Q appeared on the Internet yesterday in the .PIF (Program Information File) or .ZIP e-mail attachments. It tries to exploit a security vulnerability that Microsoft has solved a long time ago. This error allows the attachment to automatically open when the recipient reads the e-mail.
Messages in NetSky.Q disguise as error messages sent from the servers of the mail service provider, with the subject line "Delivery Error" "Error" and "Server Error". When opened, the e-mail will display a message like "Mail Delivery - This mail could not be displayed" and indicates that the inside contains a message. Copies of the rejected e-mail as a binary attachment, and requires the user to click to open.
Like the previous variants of NetSky, the Q installs itself to the Windows system when the attachment is opened. It also scans your hard drive and collects e-mail addresses from a variety of file types. According to Sophos, NetSky.Q will send its copies to these addresses on March 31, 5-12-19-26, 2004. F-Secure said that Q-infected computers would be programmed to launch a denial-of-service attack on some peer-to-peer networks, and many websites offer pirated copies, including have www.kazaa.com www.edonkey2000.com and www.cracks.am & nbsp; on April 7 and 14, 2004. A message hidden in the code explains the reason for the attacks. NetSky's author claims to be a representative of a group called "SkyNet Antivirus Team," based in Russia and acting for a positive purpose. Hacker stresses what they do is to point to contrasts with other worms (mainly Bagle and Mydoom), who only open gates on infected machines to spread spam or use it for attacks. later work.
Over the past few weeks, NetSky's writers have been engaged in a wormhole with the Bagle virus writers. The two groups continually use their "new creations" as a tool to speak and criticize each other.
Today, antivirus software companies have released a new signature file to identify NetSky.Q and recommend that users upgrade their system defense tools.
