F-Secure Virus Descriptions : NetSky.Y
[Summary] | [Disinfection] | [Detection]
NetSky.Y worm was discovered late night on April 20th, 2004. It
is similar to the Netsky.X variant found earlier during the same
day. It is repacked with PEpack. For more information on Netsky.X
see:
http://www.f-secure.com/v-descs/netsky_x.shtml
Netsky.Y sends email messages that look as follows:
Subject: Delivery failure notice (ID-random number)
Attachment: www.random domain name.random user name.session.random number.com
The body of the message contains one of the following words:
Partial, External, New or Delivered
followed by the text:
message is available
F-Secure provides the special disinfection utility to eliminate
Netsky.Y worm infection. You can download this utility from our
ftp site:
ftp://ftp.f-secure.com/anti-virus/tools/f-netsky.exe
ftp://ftp.f-secure.com/anti-virus/tools/f-netsky.zip
Disinfection instructions can be found here:
ftp://ftp.f-secure.com/anti-virus/tools/f-netsky.txt
System administrators who are using F-Secure Policy Manager,
can distribute the tool as a JAR package automatically to all
workstations.
System administrators can download the JAR version from:
http://www.europe.f-secure.com/tools/f-netsky.jar
ftp://ftp.europe.f-secure.com/anti-virus/tools/f-netsky.jar
F-Secure Anti-Virus detects NetSky.Y worm with the updates
published earlier on April 20th, 2004:
[FSAV_Database_Version]
Version=2004-04-20_03
Write-up:
Katrin Tocheva, April 20th, 2004;
Description Updated:
Alexey Podrezov, April 28th, 2004;
F-Secure Corporation
|
