Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

NETSKY.P

Status
Not open for further replies.
VBmim

VBmim

Programmer
Jun 25, 2001
361
BE
Hello everyone

Lately, we are receiving a lot of mails infected with Netsky.P . The infected attachment is removed by our anti-virus software.
The email itself contained following body:


If the message will not displayed automatically,
follow the link to read the delivered message.

Received message is available at:
[i/]

Now, as a user was showing me this 'strange' email, he clicked the link that was in it. What exactly happens when you click this link? I have found many explanations on how to remove the virus if the attachment was open, but that is not the case here...

Greetz

VBMim
 
Sort by date Sort by votes
Bear in mind that the worm uses the Incorrect MIME heads vulnerability, so you don't need to open the attachment to get it. Seeing it with the preview pane turned on will infect a vulnerable system.
Windows update ran on that system lately (the update came out a while ago)? If not, you may have it.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

masstechteach
  • Locked
  • Question
w32.netsky.p@mm!enc
Replies
5
Views
40
SimpleJohn
SimpleJohn
Rules2liveby
  • Locked
  • Question
NetSKY.D and NetSky.P - Outbound???
Replies
1
Views
42
mattjurado
mattjurado
sdgman500
  • Locked
  • Question
W32.Netsky.P@mm!enc on Exchange 5.5
Replies
2
Views
46
sdgman500
sdgman500
ms7212
  • Locked
  • Question
Netsky.p.eml!exe 1
Replies
3
Views
61
shrubble
shrubble
darrylka
  • Locked
  • Question
W32/Netsky.p.eml!exe Virus/Worm
Replies
5
Views
79
rothin
rothin

Part and Inventory Search

Sponsor

Back
Top