Name: Worm/NetSky.#1
Discovered on: 05/04/2004
Type: Worm
In the wild: No
Reported infections: Low
Distribution potential: Medium
Damage potential: Low
Static file: Yes
File size: 18.432 Bytes
MD5: ff05ddc00C74ef41157a2552af455e59
VDF version: 6.24.00.87

 General
Method of propagation:
   • Email


Aliases:
   •  Symantec: W32.Netsky.T@mm
   •  Mcafee: W32/Netsky.t@MM
   •  Kaspersky: Email-Worm.Win32.NetSky.t
   •  TrendMicro: WORM_NETSKY.T
   •  F-Secure: W32/Netsky.T@mm
   •  Sophos: W32/Netsky-T
   •  Grisoft: I-Worm/Netsky.T
   •  VirusBuster: iworm I-Worm.Netsky.U
   •  Bitdefender: Win32.NetSky.T@mm


Operating system:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Uses its own email engine
   • Modifies the registry

 Files
It copies itself to the following location:
   • %WINDIR%\EasyAV.exe



The following file is created:

– MIME-encoded copy:
   • %WINDIR%\uinmzertinmds.opm

 Registry
The following key is added to the registry, repeatedly, in order to start the process after reboot:

–  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "EasyAV"="%WINDIR%\EasyAV.exe"

 Email
It contains an integrated SMTP engine. A direct connection to the destination server is established. Its characteristics are as follows:


From:
The sender address is spoofed.


To:
– Email addresses found on the system.


Subject:
The subject line is composed of the following:

    Sometimes it starts with:
   • Re:

    followed by one of the following:
   • Important
   • My details
   • Your information
   • Your details
   • Your document
   • Request
   • Thank you!
   • Approved
   • Hello
   • account
   • postcard
   • sample
   • developement
   • concept
   • story
   • report
   • icq number
   • e-mail
   • phone number
   • personal message
   • photo document
   • order
   • important document
   • diggest
   • final version
   • release
   • answer
   • bill
   • notice
   • requested document
   • description
   • summary
   • picture document
   • movie document
   • approved document
   • old document
   • document
   • mail
   • letter
   • homepage
   • detailed document
   • powerpoint document
   • excel document
   • word document
   • info
   • information
   • text
   • new document
   • textfile
   • user list
   • improved file
   • secound document
   • file
   • number list
   • contact list
   • message
   • note
   • improved document
   • details
   • instructions
   • presentation document
   • abuse list
   • archive
   • corrected document
   • list
   • approved file


Body:
The body of the email is one of the following texts:

   • Hello!

   • Hi!


Sometimes followed by one of the following:

   • Your file is attached to this mail.

   • Please read the attached document.

   • Please have a look at the attached document.

   • See the document for details.

   • Here is the document.

   • Note that I have attached your document.

   • I have spent much time for your document.

   • Please notice the attached document.

   • My %symbol 1% is attached.

   • Your %symbol 1% is attached

   • I have found the %symbol 1%

   • Please notice the attached %symbol 1%

   • I have spent much time for the %symbol 1%

   • Please read quickly.

   • For more details see the attached document.

   • For more information see the attached document.

   • Approved, here is the document.

   • The requested %symbol 1% is attached!

   • I have sent the %symbol 1%.

   • Please see the %symbol 1%.

   • The %symbol 1% is attached.

   • Here is the %symbol 1%.

   • Please have a look at the %symbol 1%.

   • Please read the %symbol 1%.

   • Please, %symbol 1%.

   • My %symbol 1%.

   • The %symbol 1%.

   • Your %symbol 1%.


Sometimes followed by one of the following:

   • Yours sincerely

   • Thank you

   • Thanks


%symbol 1% is replaced with one of the following:
   • account; postcard; sample; developement; concept; story; report; icq
      number; e-mail; phone number; personal message; photo document; order;
      important document; diggest; final version; release; answer; bill;
      notice; requested document; description; summary; picture document;
      movie document; approved document; old document; document; mail;
      letter; homepage; detailed document; powerpoint document; excel
      document; word document; info; information; text; new document;
      textfile; user list; improved file; secound document; file; number
      list; contact list; message; note; improved document; details;
      instructions; presentation document; abuse list; archive; corrected
      document; list; approved file; report


Attachment:
The filename of the attachment is one of the following:
   • account%number%.pif; postcard%number%.pif;
      sample%number%.pif; developement%number%.pif;
      concept%number%.pif; story%number%.pif;
      report%number%.pif; icq_number%number%.pif;
      e-mail%number%.pif; phone number%number%.pif;
      personal_message%number%.pif; photo_document%number%.pif;
      order%number%.pif; important_document%number%.pif;
      diggest%number%.pif; final_version%number%.pif;
      release%number%.pif; answer%number%.pif;
      bill%number%.pif; notice%number%.pif;
      requested_document%number%.pif; description%number%.pif;
      summary%number%.pif; picture_document%number%.pif;
      movie_document%number%.pif; approved_document%number%.pif;
      old_document%number%.pif; document%number%.pif;
      mail%number%.pif; letter%number%.pif;
      homepage%number%.pif; detailed_document%number%.pif;
      powerpoint_document%number%.pif;
      excel_document%number%.pif; word_document%number%.pif;
      info%number%.pif; information%number%.pif;
      text%number%.pif; new_document%number%.pif;
      textfile%number%.pif; user_list%number%.pif;
      improved_file%number%.pif; secound_document%number%.pif;
      file%number%.pif; number_list%number%.pif;
      contact_list%number%.pif; message%number%.pif;
      note%number%.pif; improved_document%number%.pif;
      details%number%.pif; instructions%number%.pif;
      presentation_document%number%.pif;
      abuse_list.%number%.pif; archive%number%.pif;
      corrected_document%number%.pif; list%number%.pif;
      approved_file%number%.pif

The attachment is a copy of the malware.


 Email
Address search:
It searches for email addresses in the following files:
   • ppt; nch; mmf; mht; xml; wsh; jsp; xls; stm; ods; msg; oft; sht; html;
      htm; pl; dbx; tbb; adb; dhtm; cgi; shtm; uin; rtf; vbs; doc; wab; asp;
      mdx; mbx; cfg; php; txt; eml

 Backdoor
It opens the following port:

%executed file% on TCP port 6789

 DoS (Denial of Service)
From 14/04/2004 until 17/04/2004 it launches a DoS attack against the following destinations:
   • www.keygen.us
   • www.freemule.net
   • www.kazaa.com
   • www.emule.de
   • www.cracks.am

 Miscellaneous
Mutex:
It creates the following mutexes:
   • SyncMutex_USUkUyUnUeUtU
   • Protect_USUkUyUnUeUtU_Mutex


String:
In addition, it contains the following string:
   • Now we have programmed our backdoor, it cannot be used for spam relaying, only for Skynet distribution, our advice: educate the users or update the smtp protocol, and heuristics cannot detect Skynet, becauses numerous scambler, compressors, and protectors exists including programming new features. Thanks to russia, and thanks to CCC for support. 09:34 A.M, Russia

 File details
Programming language:
Programming language used: C (compiled with Microsoft Visual C++).


File compression:
To make detection harder and to reduce the file size, it is packed with the following packer:
   • UPX

Description added by Ionut Slaveanu on Thursday, May 4, 2006
Description updated by Cosmin Ancuta on Friday, May 5, 2006
