VIRUS ADVISORY – W32/Netsky.ag@MM

VIRUS ADVISORY – W32/Netsky.ag@MM

(((((((((((((((((((( McAfee Dispatch )))))))))))))))))))))))

[This message is brought to you as a subscriber to the

McAfee Dispatch. To unsubscribe, please follow the

instructions at the bottom of this email.]

============================================================

VIRUS ADVISORY: W32/Netsky.ag@MM – Medium Risk

————————————————————

Current VirusScan users with DAT 4399 are protected from

this threat. Learn more about W32/Netsky.ag@MM here:

http://us.mcafee.com/root/campaign.asp?cid=12198

FreeScan checks for W32/Netsky.ag@MM.

Scan now:

http://us.mcafee.com/root/campaign.asp?cid=12199

============================================================

–> What is it?

The latest variant of the original W32/Netsky.MM virus,

W32/Netsky.ag@MM is a Medium Risk mass-mailing worm that

arrives inside an email with a subject line, body content

and attachment file name in Portuguese.

Like its predecessors, W32/Netsky.ag@MM steals email

addresses from an infected machine, then forwards itself to

those contacts, often faking the “from: field”.

–> What should I look for?

FROM: Varies (forged addresses taken from infected system).

SUBJECT: Varies. Examples: 0123456789, Abra rapido isso!!!!,

acrdito que em voce!!!

BODY: Varies. Examples: PizzaVeneza!, preenche ai ta bom,

encontro voce!

ATTACHMENT. Varies. Examples: agradou, agua!, AIDS!

–> How do I know if I’ve been infected?

When run, the worm displays a message box with the warning

“File corrupted replace this!”. The worm copies itself to

folders with the string “share” or sharing”, network shares

and P2P shared folders, using file names like

aninha gatinha!.zip.scr, barrio.scr and cafe!!.zip.scr.

–> How do I find out more?

View details about W32/Netsky.ag@MM here.

http://us.mcafee.com/root/campaign.asp?cid=12198

Post Tags :

阿維

阿維雜記本的偷懶維護者