Please check your virus definitions



Matthew
28-02-04, 06:50 PM
Discovered on: February 18, 2004

The W32.Netsky.B@mm (http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.b@mm.html) worm is responsible for many virus infected e-mails being sent to some of the NFHiB E-Mail accounts at the moment:


W32.Netsky.B is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. This worm also searches drives C through Z for folder names containing "Share" or "Sharing," and then copies itself to those folders.

The Subject, Body, and email attachment vary.

It's very likely that some of the e-mails we're receiving are coming from forum members' computers, without their knowledge, as the e-mail origins are from different ISPs.

Just a heads up, please update your virus definitions/files and check to see you haven't got this worm. B)

More info about this from the link above and Symantec has a free tool (http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky@mm.removal.tool.html) to remove the worm.

Matthew
28-02-04, 11:54 PM
Hi HN,

Virii and Worms often send themselves out to the contacts on your computer, whether that's e-mail addresses they find in mail programs/software or from e-mail info - using their own 'internal sending mechanism' if you like.

That means a virus or worm can reproduce itself in a 'stealth'-like mode behind your back, without your knowledge, by attempting to infect other systems by spreading via e-mail. As they do this using their own internal 'mailing' system which is part of the virus itself, it will often leave no trace on more traditional e-mail programs in use, such as Outlook Express, Pegasus, Eudora, etc. So, what you'd expect to see, say in Outlook Express in the Outbox or Sent Items folder, will never be seen with a Virus with its own mailing capabilities [e.g. its own 'SMTP Engine'].

They are often very clever if you consider what they're doing, but that's how they often go so unnoticed for such a while.

If you're on Broadband, installing a hardware or Software firewall [e.g. Sygate Personal Firewall, Zone Alarm, etc] is crucial while you're not at the PC; you can set the firewall to block all incoming/outgoing internet traffic while the PC is not being used, but is still on, just by a few clicks or so. :D

sapphirelily10
29-02-04, 01:18 AM
And, otherwise, and just in case of infection, you can use this stand-alone facility to clean, or otherwise deal with various virii ......

http://vil.nai.com/vil/stinger/



Isn't life fun? :P


Sapph :D

hollygolightly
29-02-04, 12:53 PM
Off to hunt worms :ph34r: ;)

Matthew
29-02-04, 01:13 PM
Originally posted by hollygolightly@Feb 29 2004, 1:52 PM
Off to hunt worms :ph34r: ;)
Don't forget your fishing rod. :P

mazza
29-02-04, 03:28 PM
I was wondering...Are these things only spread if you open an attachment on an e-mail? Or can they just infect from using the net, or reading an e-mail without an attachment?

I know I need to update my anti-virus stuff but don't feel very confident about using these tools off the net, it seems quite complicated and mentions Windows XP, ME, 2000 etc but I'm on 98 still :( .

Matthew
29-02-04, 03:34 PM
Originally posted by mazza@Feb 29 2004, 4:27 PM
I was wondering...Are these things only spread if you open an attachment on an e-mail? Or can they just infect from using the net, or reading an e-mail without an attachment?
I would say, IMO, that yes, the majority of infections occur this way.

Even if an attachment is from someone you know, always virus check first. If a file looks suspicious, e.g:


business-stats.doc.com
business-stats.doc.exe

Never open it. It's an attempt in this example to make a file look like a MS Word Document, whereas in reality these are both files that will 'execute' commands on your computer and run files.

It is possible though to get trojans/worms/virii over your browser and other ways.
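
Added example, not part of the original post: a small Python check that flags e-mail attachments whose names use the double-extension disguise described above (business-stats.doc.exe). The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_string

# Assumed lists for illustration; extend them to match local policy.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".doc", ".txt", ".pdf", ".jpg", ".xls", ".zip", ".htm"}

def is_deceptive(filename):
    """True if the name ends in an executable extension but shows a
    harmless-looking document extension just before it."""
    name = filename.strip().lower().rstrip(". ")
    stem, last = os.path.splitext(name)
    # rstrip() tolerates padding spaces placed before the final extension
    _, previous = os.path.splitext(stem.rstrip())
    return last in EXECUTABLE_EXTS and previous in DECOY_EXTS

def suspicious_attachments(raw_message):
    """Return the deceptive attachment filenames found in a raw e-mail."""
    msg = message_from_string(raw_message)
    names = (part.get_filename() for part in msg.walk())
    return [n for n in names if n and is_deceptive(n)]

# Constructed sample message (not a real capture).
SAMPLE = """\
From: someone@example.com
Subject: stats
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

See attached.
--XYZ
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="business-stats.doc.exe"

AAAA
--XYZ
Content-Type: application/msword
Content-Disposition: attachment; filename="minutes.doc"

AAAA
--XYZ--
"""

if __name__ == "__main__":
    print(suspicious_attachments(SAMPLE))
```
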

hollygolightly
29-02-04, 03:49 PM
I'm on Windows 98 too, mazza. I've just run that programme that Matthew gave the link for, and I'm pleased to say this worm ain't in my computer. Phew. ;)