View Full Version : What is W32.Netsky.P@mm and how does it affect me?

03-23-04, 11:59 PM
W32.Netsky.P@mm, also known as W32.Netsky.Q@mm, is yet another varient of the Netsky worm, a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning hard drives and/or mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.

The "From" line of the email is spoofed, and its "Subject" line and
message body vary.

The attachment name varies with .exe, .pif, .scr, or .zip file extension.

Also, this threat is compressed with FSG.

- Symantec Consumer products that support Worm Blocking functionality automatically detect this threat as it attempts to spread.

- The worm's executable has a static MD5 hash value of 0x0A9FFA57D65083C92E0D3D69B00F2F0D.m.

- Rapid release definitions dated March 21, 2004 or March 22, 2004 may detect this threat as W32.Netsky.Q@mm.

To read more about the W32.Netsky.P@mm, please
click here. (