[Dshield] new Netsky.b virus - quick analysis (incl. hexdump)
ccarboni at azerty.com
Thu Feb 19 13:43:54 GMT 2004
Yes, I have. And I think it's only going to get worse.
Eventually, they won't have such a short lifespan, and will have a more
Sometimes it seems as though there is a battle or war going on between virus
writers, hacking groups, whatever, and our systems are the battleground(s).
From: jayjwa
Sent: Thursday, February 19, 2004 3:54 AM
To: General DShield Discussion List
Subject: Re: [Dshield] new Netsky.b virus - quick analysis (incl. hexdump)
Has anyone noticed that this last batch of virus/worms
all are fundamentally the same?
-Arrives as a .ZIP
-Contains an .EXE, occasionally "stealth" named (message.txt.exe)
-HKLM \InProcServer32 Taskmon.server
\Software\Microsoft\Windows\CurrentVersion\Run (insert virus)
-short life span (ie, spread rapidly, then rapidly go extinct)
-Dumb email message/Bad English/Incorrect Syntax in the
fake mail message.
-No real payload beyond replication, in most cases
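
Added example, not part of either post: a mail-gateway style check for the first two traits in the list above (a .ZIP attachment carrying an .EXE, sometimes "stealth" named like message.txt.exe). The function names, the extension lists beyond .exe/.txt, and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed extension lists for illustration; the post itself names only .EXE and .txt.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com"}
DECOY_EXTS = {".txt", ".doc", ".jpg", ".htm", ".pdf"}


def classify_member(name):
    """Return 'stealth-named-executable', 'executable', or None for one archive member."""
    # Keep only the file name, then collapse whitespace so padded names
    # such as 'message.txt      .exe' are still recognised.
    base = "".join(PurePosixPath(name.replace("\\", "/")).name.split()).lower()
    suffixes = PurePosixPath(base).suffixes
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "stealth-named-executable"
    return "executable"


def scan_zip_attachment(data):
    """Return [(member_name, verdict)] for flagged members of a ZIP given as bytes."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        # A corrupt or non-ZIP attachment cannot be inspected; report that explicitly.
        return [("<attachment>", "unreadable-zip")]
    return [(n, v) for n in names if (v := classify_member(n))]


def build_sample_zip(member_names):
    """Constructed test input: a ZIP whose members hold harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in member_names:
            zf.writestr(n, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(["message.txt.exe", "readme.txt", "setup.exe"])
    for name, verdict in scan_zip_attachment(sample):
        print(f"{verdict}: {name}")
```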