- 26 February 2004 11:35
Virus Advisory: Network Associates(R) McAfee AVERT Raises Risk Assessment to Medium on New W32/Netsky.c@MM Worm
McAfee AVERT Receives More than 100 Samples of W32/Netsky.c@MM from Customers around the World
SYDNEY, Feb. 26, 2004 - Network Associates, the leading provider of intrusion prevention solutions, today announced that McAfee(R) AVERT(TM) (Anti-Virus and Vulnerability Emergency Response Team), the world-class anti-virus and vulnerability research division of Network Associates(R), raised the risk assessment to medium on the recently discovered W32/Netsky.c@MM, also known as Netsky.c. Netsky.c is a prolific worm that spreads via email, sending itself to addresses found on the victim's machine. The worm was first seen by McAfee AVERT researchers earlier today. To date, McAfee AVERT has received approximately 60 samples an hour from both real customer submissions and virus-generated mail. In total, McAfee AVERT has seen close to 100 samples from customers around the world.
Netsky.c is an Internet worm that once activated emails itself to addresses found on the victim's machine. The worm then attempts to copy itself to folders on drives C: - Z: and deactivate the W32/Mydoom.a@MM, W32/Mydoom.b@MM, W32/Netsky.a@MM, and W32/Netsky.b@MM viruses.
After being executed, Netsky.c emails itself out as an attachment with a randomly chosen filename. The worm then copies itself the WINDOWS directory with the filename "WINLOGON.EXE." The worm adds the key, "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"ICQ Net" = %WinDir%\WINLOGON.EXE -stealth" to the registry, which helps it activate at the system start-up. In addition, the worm copies itself to directories containing the string "shar" on the local system and on mapped network drives, which results in propagation via KaZaa, Bearshare, Limewire and other P2P applications that use shared folder names containing the words share or sharing.
Immediate information and cure for this virus can be found online at the Network Associates McAfee AVERT site located at http://vil.nai.com/vil/content/v_101048.htm . Users of McAfee Security anti-virus products should update their systems from that page and use the 4328 or later scanning engine to stop potential damage.
Network Associates McAfee(R) Protection-in-Depth(TM) Strategy delivers the industry's only complete set of system and network protection solutions differentiated by intrusion prevention technology that can detect and block these types of attacks. This allows customers to protect themselves while they plan their patch deployment strategy.
McAfee AVERT Labs is one of the top-ranked anti-virus research organizations in the world, employing more than 90 researchers in offices on five continents. McAfee AVERT protects customers by providing cures that are developed through the combined efforts of McAfee AVERT researchers and McAfee AVERT AutoImmune technology, which applies advanced heuristics, generic detection, and ActiveDAT technology to generate cures for previously undiscovered viruses.
About Network Associates
With headquarters in Santa Clara, California, Network Associates, Inc. (NYSE: NET) creates best-of-breed computer security solutions that prevent intrusions on networks and protect computer systems from the next generation of blended attacks and threats. Offering two families of products, McAfee System Protection Solutions, securing desktops and servers, and McAfee Network Protection Solutions, ensuring the protection and performance of the corporate network, Network Associates offers computer security to large enterprises, governments, small and medium sized businesses, and consumers. For more information, Network Associates can be reached on the Internet at http://www.networkassociates.com/ .
NOTE: Network Associates, McAfee and AVERT are either registered trademarks or trademarks of Network Associates, Inc. and/or its affiliates in the United States and/or other countries. All other registered and unregistered trademarks herein are the sole property of their respective owners.
For further information or comment, please contact Allan Bell directly on the details below:
Allan Bell - Marketing Director
0412 411 929 or 02 9761 4229