I've now had it 5 times in the last 10 mins and Norton isn't picking it up. A different subject/content each time. Doesn't seem to match the virus knowledge bases so maybe it's a new one.
A new mass-mailing worm has appeared in moderate-large numbers. It copies itself as either a zip archive or an executable file. When it is a zip, the user has to unzip and run the executable.
Subject: Randomly chosen from:
unknown fake stolen information warning something for you read it immediately hello
Message body: Randomly chosen from:
something is fool something is going wrong you are bad you try to steal you feel the same you earn money thats wrong why? take it easy reply do you? that's funny here, the cheats here, the introduction here, the serials from the chatter about me information about you something is going wrong! stuff about you? greetings see you here it is that is bad yes, really? i found this document about you your name is wrong i hope it is not true! kill the writer of this document! something about you! I have your password! you are a bad writer is that from you? i wait for a reply! is that your account? is that your name? is that true? here my hero read it immediately! here is the document. read the details. i'm waiting what does it mean? anything ok?
Attachment: One of the following file names with a double extension
misc party disco part2 mail2 object ranking dinner release final location jokes friend website mails story found nomoney aboutyou shower topseller product swimmingpool bill note concert textfile posting stuff attachment details creditcard message talk document unknown fake stolen information warning something for you read it immediately hello
First extensions are: .txt .rtf .doc .htm
For the second extension the worm uses the following:
.exe .scr .com
Severity: Medium Incidence: Medium Potential impact: High
Avoidance Action:
(1) Block on executable file types of .EXE (and as a matter of routine, .COM, .PIF, .SCR and .BAT), using the filename blocker and/or the data type manager.
(2) Apply antivirus signature updates as and when available.
Reference Links:
N.B. If your mail client extends any of the following URLs over a single line, cut and paste the entire address (within the angle brackets) into your browser.
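A sketch of the attachment check behind avoidance action (1), added here as an example and not part of the original posts or of any vendor's product. It flags the blocked final extensions, marks the decoy-plus-executable double extension described above, and looks inside zip attachments; the function names and the sample data are hypothetical and constructed for illustration.

```python
import io
import zipfile

# Final extensions the advisory says to block at the gateway.
BLOCKED = {".exe", ".com", ".pif", ".scr", ".bat"}
# Decoy first extensions listed in the advisory.
DECOY = {".txt", ".rtf", ".doc", ".htm"}


def classify_name(filename):
    """Return 'double-extension', 'executable' or None for one file name."""
    # Windows ignores trailing dots and spaces, so strip them before testing.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or "." + parts[-1] not in BLOCKED:
        return None
    if len(parts) >= 3 and "." + parts[-2] in DECOY:
        return "double-extension"
    return "executable"


def check_attachment(filename, data):
    """Return a list of (name, verdict) findings for one attachment.

    Zip archives are opened and every member name is checked, because the
    worm may arrive zipped and rely on the user to unpack and run it.
    """
    findings = []
    verdict = classify_name(filename)
    if verdict:
        findings.append((filename, verdict))
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.namelist():
                verdict = classify_name(member)
                if verdict:
                    findings.append((filename + "!" + member, verdict))
    return findings


def _sample_zip(member_name):
    """Build a constructed in-memory zip holding one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, b"constructed sample, not malware")
    return buf.getvalue()
```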
Just been reading about it on the McAfee site, W32/Netsky.a@MM came out on the 16th Feb and W32/Netsky.b@MM came out today, the 18th. I presume that's what the auto-update was for this morning.
There are a number of worms - a couple of which are only days old, which when AFFECTING A MACHINE WILL SEND THEMSELVES TO EVERYBODY LISTED IN THE 'ADDRESS BOOK' ON THAT MACHINE, THEN PICK ONE OF THOSE ADDRESSES AT RANDOM TO SEND ITSELF 'FROM'. It's important to recognise when this is happening and it really doesn't help when automated virus scanners send 'you've got a virus' messages to the (faked) sender.
These worms are why many will find their inbox flooded with 'undeliverable' messages.
Also worth noting that these worms infect Windoze machines, and most commonly Outlook (spit) / Outlook Express (spit puke). As I use neither I don't generally tend to worry about these kind of things...
Had a warning from Symantec about this one this very morning. Norton included it in their database a few days ago, apparently. If you use NAV and have an update from 12th Feb (or later) then you should be protected ;-)
It's a good idea to double check manually anyway. AV vendors understandably see a huge surge of downloads whenever a new virus is announced and consequently bandwidth and servers tend to be found lacking at times.
If you have Windows then you automatically have OE which makes you vulnerable even if you don't use it. You can uninstall it manually or use the free software from
Just received another email from Symantec - they've raised the threat level on this virus to 4 (on a scale of 1 - 5) due to its propensity and number of reports they're getting from users.
Well, if you don't use it and there's no addresses in the address book, and no POP/SMTP server configured in it, then any virus that tries to use it won't get very far anyway, will it?