(((((((((((((((((((( McAfee Dispatch )))))))))))))))))))))))
============================================================
VIRUS ADVISORY: W32/Netsky.ag@MM – Medium Risk
————————————————————
Current VirusScan users with DAT 4399 are protected from
this threat. Learn more about W32/Netsky.ag@MM here:
http://us.mcafee.com/root/campaign.asp?cid=12198
FreeScan checks for W32/Netsky.ag@MM.
Scan now:
http://us.mcafee.com/root/campaign.asp?cid=12199
============================================================
--> What is it?
The latest variant of the original W32/Netsky.MM virus,
W32/Netsky.ag@MM is a Medium Risk mass-mailing worm that
arrives inside an email with a subject line, body content
and attachment file name in Portuguese.
Like its predecessors, W32/Netsky.ag@MM steals email
addresses from an infected machine, then forwards itself to
those contacts, often faking the “From:” field.
--> What should I look for?
FROM: Varies (forged addresses taken from infected system).
SUBJECT: Varies. Examples: 0123456789, Abra rapido isso!!!!,
acrdito que em voce!!!
BODY: Varies. Examples: PizzaVeneza!, preenche ai ta bom,
encontro voce!
ATTACHMENT: Varies. Examples: agradou, agua!, AIDS!
--> How do I know if I’ve been infected?
When run, the worm displays a message box with the warning
“File corrupted replace this!”. The worm copies itself to
folders whose names contain the string “share” or “sharing”,
network shares and P2P shared folders, using file names like
aninha gatinha!.zip.scr, barrio.scr and cafe!!.zip.scr.
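An added example, not part of the McAfee advisory: a Python check that walks a directory tree and reports .scr files sitting in folders whose names contain "share" or "sharing", separating out the double-extension pattern (such as .zip.scr) seen in the file names above. The function names and the sample tree are constructed for illustration; treating any inner extension as a double extension goes beyond the .zip case the advisory lists.

```python
import os
import tempfile

# Folder-name strings named in the advisory.
FOLDER_MARKERS = ("share", "sharing")

def is_share_folder(path):
    """True if the folder's own name contains one of the marker strings."""
    name = os.path.basename(path).lower()
    return any(marker in name for marker in FOLDER_MARKERS)

def classify(filename):
    """Return 'double-ext-scr', 'scr', or None for files that are not .scr."""
    stem, ext = os.path.splitext(filename.lower())
    if ext != ".scr":
        return None
    # A second extension before .scr (e.g. .zip.scr) disguises the screensaver
    # executable as another file type. Assumption: any inner extension counts.
    inner = os.path.splitext(stem)[1]
    return "double-ext-scr" if inner else "scr"

def scan(root):
    """Return sorted (relative_path, kind) pairs for .scr files in share folders."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if not is_share_folder(dirpath):
            continue
        for name in files:
            kind = classify(name)
            if kind:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append((rel, kind))
    return sorted(hits)

def make_constructed_tree(root):
    """Create empty placeholder files (constructed sample data, no malware)."""
    layout = {
        "My Shared Folder": ["cafe!!.zip.scr", "holiday.jpg"],
        "FileSharing": ["barrio.scr", "notes.txt"],
        "Documents": ["barrio.scr"],  # not a share folder: ignored by scan()
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "wb").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_constructed_tree(tmp)
        for rel, kind in scan(tmp):
            print(f"{kind:15} {rel}")
```

A hit is only a lead for review: legitimate screensaver files also use the .scr extension.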
--> How do I find out more?
View details about W32/Netsky.ag@MM here:
http://us.mcafee.com/root/campaign.asp?cid=12198