
NetSky.AD

Classification

Category: Malware

Type: Email-Worm

Aliases: NetSky.AD, W32/NetSky.AD@mm

Summary


Despite the arrest of the Netsky worm's author, new variants of the worm keep coming. On May 21st, 2004 we received a sample of a new Netsky variant. Even more interesting is the fact that the new Netsky drops the Bugbear worm's keylogger onto an infected system. This Netsky variant is based on the Netsky.D variant, which was found on March 1st, 2004.

Removal


Automatic action

Once detected, the F-Secure security product will automatically handle a harmful program or file by either deleting or renaming it.

Eliminating a Local Network Outbreak

If the infection is in a local network, please follow the instructions on this webpage:

Technical Details


A description of the NetSky.D worm variant can be found here: NetSky.D.

A description of the Bugbear worm's keylogger can be found here: Tanatos

The worm's file is a PE executable 40448 bytes long, packed with a modified UPX file compressor. The Bugbear keylogger is a PE DLL file 5632 bytes long. The keylogger is dropped into the Windows System folder under a random name, and it creates two more DLL files with random names there. These files are used to store the keylogger's data in encrypted form.
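Because the dropped files carry random names, a responder cannot search for them by name. The following added example (not F-Secure's code or detection logic) triages a folder using the two file sizes given above together with the PE header's DLL flag. The function names and the constructed sample files are assumptions, and a size match is only a lead for further analysis.

```python
import struct
from pathlib import Path

# Sizes come from the description above; all names here are illustrative.
WORM_EXE_SIZE = 40448
KEYLOGGER_DLL_SIZE = 5632
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag set on DLL images

def pe_is_dll(data: bytes):
    """Return True/False for a PE image (DLL or not), None if not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # PE signature (4 bytes) plus COFF header (20 bytes) must fit in the file
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 22)
    return bool(characteristics & IMAGE_FILE_DLL)

def classify(data: bytes):
    """Label a file by the size/type pairs given in the description."""
    is_dll = pe_is_dll(data)
    if is_dll is None:
        return None
    if len(data) == WORM_EXE_SIZE and not is_dll:
        return "size matches worm executable"
    if len(data) == KEYLOGGER_DLL_SIZE and is_dll:
        return "size matches keylogger DLL"
    return None

def triage(folder):
    """Yield (path, label) for files in folder that deserve a closer look."""
    for path in sorted(Path(folder).iterdir()):
        if path.is_file() and path.stat().st_size in (WORM_EXE_SIZE, KEYLOGGER_DLL_SIZE):
            label = classify(path.read_bytes())
            if label:
                yield path, label

def fake_pe(size: int, dll: bool) -> bytes:
    """Constructed sample: a minimal MZ/PE header zero-padded to `size` bytes."""
    buf = bytearray(size)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)          # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x80 + 22, 0x2102 if dll else 0x0102)
    return bytes(buf)
```

On a live system, `triage` would be pointed at the Windows System folder; files it reports still need to be confirmed by a scanner or by analysis.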