There is a new virus that is spreading

[justhangn]

(Netsky.c) and the antivirus products are not yet updated to cure it. PLEASE do not open any file attachments that are zip files unless you are positive that they are legitimate and are from someone you know! If you are not sure, call the person who sent you the email before opening it. Please delete all email messages you receive that contain a suspicious zipped file attachment.

 

[Danzig]

DELETE all email with the Subject that is one of the following.



hi

hello

read it immediately

something for you

warning

information

stolen

fake

unknown





W32.Netsky.B@mm is a Category 4 mass-mailing worm which arrives with varied email subject,

body, and attachment, and attempts to spread through both email and file sharing folders.





Uses its own SMTP engine to send itself to the email addresses it found above.



The email has the following characteristics:



From: (Spoofed)



Subject: (One of the following)



hi

hello

read it immediately

something for you

warning

information

stolen

fake

unknown



Message: (One of the following)



anything ok?

what does it mean?

ok

i'm waiting

read the details.

here is the document.

read it immediately!

my hero

here

is that true?

is that your name?

is that your account?

i wait for a reply!

is that from you?

you are a bad writer

I have your password!

something about you!

kill the writer of this document!

i hope it is not true!

your name is wrong

i found this document about you

yes, really?

that is bad

here it is

see you

greetings

stuff about you?

something is going wrong!

information about you

about me

from the chatter

here, the serials

here, the introduction

here, the cheats

that's funny

do you?

reply

take it easy

why?

thats wrong

misc

you earn money

you feel the same

you try to steal

you are bad

something is going wrong

something is fool



Attachment:

W32.Netsky.B@mm will create a .zip file as the attachment 48.5% of the time, which randomly chooses one of the Attachment Names below. The archive contains an executable copy of the worm, which also randomly chooses one of the Attachment Names below.



The rest of the time, the worm will create an executable file as the attachment, which randomly chooses one of the Attachment Names below.



Attachment Name: (One of the following)



document

msg

doc

talk

message

creditcard

details

attachment

me

stuff

posting

textfile

concert

information

note

bill

swimmingpool

product

topseller

ps

shower

aboutyou

nomoney

found

story

mails

website

friend

jokes

location

final

release

dinner

ranking

object

mail2

part2

disco

party

misc



Extensions:

If the attachment is an executable file, the worm will create a double extension 53.8% of the time. If the attachment is a .zip file, then the executable within the .zip will have a double extension 33% of the time. The first, variable extension in these cases will be one of the following:





.txt

.rtf

.doc

.htm



All executables will end with one of the following extensions:





.exe

.scr

.com

.pif

 

[vraiblonde]

I got one yesterday that bounced back from someone I supposedly sent it to - but it really came from someone at Compliance. So apparently it spoofs a sender from your address book.

 

[justhangn]

This is serious you buttmunches.

 

[Danzig]

Originally posted by vraiblonde
I got one yesterday that bounced back from someone I supposedly sent it to - but it really came from someone at Compliance. So apparently it spoofs a sender from your address book.

Not always, I have had a few that had unknown to me and not in my address book or contacts but with navair.navy.mil and I had some that WERE in my address book I got one that said it was from me, It was from a comcast user.

Also if you try to send a email to a NMCI navy.mil address with hi or hello as the entire subject they will be stopped at the firewall also you can not send emails with hi or hello from an NMCI computer, it willl strip the message and any attachments.

 

[Ehesef]

I got one, I think it came to me through my mom's address book. I recognized the addy, but it's not in my address book and I'm not in theirs.

 

[Ponytail]

I've gotten 5 of them so far today. NMCI seems to be doing it's joba and stripping the attachments first. I know...

 

[Chicagofan]

I copied this info and sent it out from my hotmail account. This is the first I have heard of this one. I immediately received one of these emails on my computer at work, which is where I sent it out from.I didn't open it. Thank you whomever posted this.

 

[Dymphna]

I had an email in my "junk" folder on Monday that listed sender as "unknown" and subject as "unknown." I kinda thought that was weird. I deleted it.

 

[mainman]

McAfee just released updated definitions...

 

[Dymphna]

Originally posted by migtig
I received one today from the Washington Post - them bastages. I had to go onto the server to delete it cause my mail wouldn't download. And it was "Hello" and "Here is the document"

At your work email? I'd say it was intentional.

 

[Danzig]

The email has the following characteristics:

From: (Spoofed)


THIS MEANS IT'S NOT WHO IT SAYS IT IS FROM

As I said I got one that said it was from a navair.navy.mil and it was from comcast.

If you use (most) Microsoft Outlook

1. open an email (double click on it)
2. Under View click Options
3. Look at the internet headers and you will see WHERE it came from and WHO realy sent it and how it got to you.