Netsky-P exploits Harry Potter hype


Andrew
06-08-04, 07:44 PM
SearchSecurity.com
Next time you open a file advertised as a new Harry Potter game, it could be the Netsky-P worm casting an evil spell on your computer.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci968651,00.html?track=NL-358&ad=484349

Devilin
06-13-04, 06:43 PM
Try this :) Stop that evil spell from D-evil-in :0

URL removed by Admin

:p

Andrew
06-13-04, 06:58 PM
Please read the Forum Guidelines (http://www.addforums.com/forums/forumdisplay.php?s=&forumid=75) before adding a URL back into your signature.

In addition, the continued spamming of your website in response to posts is not acceptable (please read the Forum Guidelines (http://www.addforums.com/forums/forumdisplay.php?s=&forumid=75)).

Devilin
06-13-04, 07:12 PM
2. Signatures -
Users must have the title of Member (Minimum Posts: 25) to have a URL in their profiles. The websites linked in signatures must be family friendly and must not be blatant attempts to sell products or services.

Arrrr, no 25 posts, hey
Although it does meet the family friendly part, and I'm not trying to sell anything, it's free advice. You should know, you've used it yourself, and I'd hardly need to spam this forum for hits. I wouldn't notice the 3 or 4 hits I'd get from here in the 12000 unique hits I get a month. I'm only trying to be of some small assistance :)

Andrew
06-13-04, 07:21 PM
Just follow the same rules as everyone else, and we'll all get along just fine :)

Devilin
06-13-04, 07:37 PM
I'm sure we will, Big :)
I like your site
Created Using Yahoo! PageBuilder
I see :)

Andrew
06-13-04, 08:02 PM
Thanks :). Now...back to the topic of the thread.... :)

Devilin
06-13-04, 08:35 PM
Too right, Big

W32.Netsky.P

Arr it's that old

W32 variant: once that's in your Windows/System32, no antivirus software could possibly save you,
as no antivirus software can scan active files.
Although you would be safe running a dual boot system, or DOS applications via an external means.
But once you've been infected, the only possible way of being absolutely sure you're clean is to format your hard drive.
Isn't that right, Big :)

Devilin
06-14-04, 04:11 PM
Silly me, I meant the Win32 network interface service process C:\WINDOWS\SYSTEM\MPREXE.EXE
I'm sure you were just about to point out that silly mistake, Big.

Not forgetting the Win32 kernel core component C:\WINDOWS\SYSTEM\KERNEL32.DLL
That pesky little NetBIOS dinosaur that's being exploited by various worms, especially the W32 variant, on many occasions.
Isn't that right, Big :)
What are your thoughts on the NetBIOS dinosaur, and its exploitation by various worms like W32.Netsky.P,
Big?

Andrew
06-14-04, 05:02 PM
My understanding was that the C:\~\MPREXE.EXE is an application that allows earlier versions of Windows to have more than one network client, protocol, or adapter. MPREXE.EXE handles network requests between the different adapters and clients.

According to the information I have seen, this application is not vulnerable to worms/trojans/virii, etc.

As for the W32.Netsky.P worm, it's a mass mailing worm with its own SMTP engine in it to send mail to any e-mail addresses it finds. Yes, it also changes some values in the registry, makes it hard to get rid of, etc., and propagates itself fairly effectively.

Am I considering a flavor of Linux? Yes, and will probably switch one of my older machines over to Linux by the end of the summer.

Will virii, worms and trojans be the end of Windows as we know it? I don't think so. Not so long as Microsoft insists on providing backwards compatibility for many older products. Perhaps when we switch completely to a 64 bit processing architecture....who knows?

Devilin
06-14-04, 06:10 PM
MPREXE.EXE, Module KERNEL32.DLL and their like:
They're just active components of Windows. Any active component can be exploited, and as virus scanners can't scan active components, they're an obvious target, as they've all got holes.
But most of this is Win 95/98 stuff.
Linux, I've not installed it onto my system, I've only used it via server type interfaces, DOS command prompt type stuff. I'll stick with Windows, it's what most people have, so it's what most people have problems with, and I like helping people educate themselves out of problems, pay back for when I was learning and people helped me