Netsky-V: Insipid threat
April 16, 2004
Another version of the formerly dangerous worm, Netsky-V, has been caught in the wild. However, anti-virus software makers have rated it a low-level threat.
As we all remember, a massive epidemic of mass-mailing worms clogged the Internet at the beginning of the year, and since then all mail worms have been considered a serious threat because of the amount of damage they did.
Now the epidemic seems to have passed, and newer worm versions do not have such a negative impact on the Internet and its users. Panda Software, Trend Micro, McAfee, Computer Associates, and F-Secure all said the threat was low, despite the fact that the worm can infect a PC when a user merely reads the email by which it spreads.
Netsky-V is a worm that uses a combination of email, HTTP and FTP to spread. The worm itself is a Windows PE executable file. After a machine is infected, Netsky-V searches its hard disk for email addresses and sends email directly to them. Note that these emails do not carry an attached copy of Netsky-V; instead, they contain HTML instructions to fetch a copy of the worm.
Netsky-V also opens two TCP ports on the infected computer: an HTTP service listening on port 5557 and an FTP service listening on port 5556. These ports are used to "serve up" the virus to the downstream victims to whom the infected machine has sent copies of the email mentioned above.
Downstream victims can become infected simply by reading an email sent by the virus. Note, however, that this email relies on a bug in Microsoft Outlook for which a patch has already been published. If you have downloaded and applied up-to-date patches from Microsoft, then the exploit used by this email will not work and the email is harmless.
Moreover, the worm is programmed to mount a denial of service attack between 22 April 2004 and 28 April 2004 against the following sites:
www.keygen.us
www.freemule.net
www.kazaa.com
www.emule.de
www.cracks.am
The denial of service consists of four redundant HTTP requests to each of these sites every second. However, because the virus has not spread widely yet, the resulting attack is not expected to be massive, and the sites above will surely not be forced to stop their service.
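The two network behaviours described above (the worm serving itself on TCP 5556/5557, and the four-requests-per-second flood against the listed sites during 22-28 April 2004) give a defender something concrete to look for in firewall or proxy logs. The following detector is an added example written for this article, not code from the original piece or from any anti-virus vendor; the log line format, the alert threshold and the sample log entries are all constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

NETSKY_PORTS = {5556, 5557}   # FTP / HTTP servers the worm opens on infected hosts
DDOS_TARGETS = {"www.keygen.us", "www.freemule.net", "www.kazaa.com",
                "www.emule.de", "www.cracks.am"}
DDOS_WINDOW = (datetime(2004, 4, 22), datetime(2004, 4, 28, 23, 59, 59))
DDOS_RATE_THRESHOLD = 3.0   # req/s per (source, target); the worm sends 4, alert below that
# Constructed log format: "<date> <time> <src ip> -> <dst host>:<port> [METHOD path]"
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<src>\d+\.\d+\.\d+\.\d+) -> "
                     r"(?P<dst>\S+):(?P<dport>\d+)(?: (?P<method>GET|POST) (?P<path>\S+))?$")

def parse(line):
    # Returns a dict for one log line, or None if the line is malformed.
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    rec["dport"] = int(rec["dport"])
    return rec

def analyse(lines):
    """Return (hosts serving on worm ports, hosts emitting DDoS-rate traffic)."""
    worm_servers, ddos_sources = set(), set()
    count, first, last = Counter(), {}, {}
    for rec in filter(None, map(parse, lines)):
        # Inbound connections to 5556/5557: the destination is serving the worm body.
        if rec["dport"] in NETSKY_PORTS:
            worm_servers.add(rec["dst"])
        # Outbound requests to a listed site inside the attack window: measure the rate.
        if rec["dst"] in DDOS_TARGETS and DDOS_WINDOW[0] <= rec["ts"] <= DDOS_WINDOW[1]:
            key = (rec["src"], rec["dst"])
            count[key] += 1
            first.setdefault(key, rec["ts"])
            last[key] = rec["ts"]
    for key, n in count.items():
        span = max((last[key] - first[key]).total_seconds(), 1.0)  # burst in one second
        if n / span >= DDOS_RATE_THRESHOLD:
            ddos_sources.add(key[0])
    return worm_servers, ddos_sources

SAMPLE_LOG = [  # constructed: 10.0.0.7 is infected, 10.0.0.9 is a normal browsing host
    "2004-04-23 10:00:00 10.0.0.7 -> www.kazaa.com:80 GET /",
    "2004-04-23 10:00:00 10.0.0.7 -> www.kazaa.com:80 GET /",
    "2004-04-23 10:00:00 10.0.0.7 -> www.kazaa.com:80 GET /",
    "2004-04-23 10:00:00 10.0.0.7 -> www.kazaa.com:80 GET /",
    "2004-04-23 10:07:31 198.51.100.20 -> 10.0.0.7:5557 GET /x.exe",
    "2004-04-23 11:00:00 10.0.0.9 -> www.example.com:443",
]
```

Outside the attack window the rate check is skipped on purpose, so ordinary traffic to those sites is not flagged; the port check applies at any time, since the worm's servers stay open as long as the host is infected.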