W32.Netsky.P@mm

Adam Russell

For the last couple weeks I have been getting a couple messages a day from
NIS telling me that a file is infected on my computer. It deletes it every
time. It seems to happen when I get my mail. Should I be worried? The
files in question are named something like cc42.tmp. I'm using winxp with
service pack 2, OE 6.00, and NIS2005. I suspect it is 'just' someone
sending me virus spam which is then blocked by norton, but I worry because
this only just started the last few weeks. Should I be worried, and is
there a way to stop it?
 
In news: Adam Russell typed:
For the last couple weeks I have been getting a couple messages a day
from NIS telling me that a file is infected on my computer. It
deletes it every time. It seems to happen when I get my mail.
Should I be worried?

No, as long as NIS is blocking it.

The files in question are named something like
cc42.tmp. I'm using winxp with service pack 2, OE 6.00, and NIS2005.
I suspect it is 'just' someone sending me virus spam which is then
blocked by norton, but I worry because this only just started the
last few weeks. Should I be worried, and is there a way to stop it?

Adam, the only way to stop it is to report the IP address of the infected PC
to the ISP that the virus is sent from.

You will have to learn how to read email headers and learn how to decode
where the virus came from.

Helpful tools are SamSpade and emailabuse.org:
http://www.samspade.org/t/
http://www.emailabuse.org/
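
The header reading described in the reply above can be sketched as follows. This is an added example, not part of the original posts: it walks the `Received:` lines newest-first and returns the external IP logged by the recipient's own mail relay, ignoring older lines that the sending host could have forged. The function name `handoff_ip`, the trusted domain `recipient-isp.example` and the sample headers are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample: example domains, documentation-range addresses.
SAMPLE = """\
Received: from mx.recipient-isp.example (10.0.0.5)
\tby mailstore.recipient-isp.example; Mon, 7 Mar 2005 10:00:05 -0000
Received: from dsl-host.example.net (unknown [203.0.113.45])
\tby mx.recipient-isp.example with SMTP; Mon, 7 Mar 2005 10:00:02 -0000
Received: from mail.bank.example ([198.51.100.7])
\tby dsl-host.example.net; Mon, 7 Mar 2005 09:59:00 -0000
From: someone@bank.example
Subject: Re: document

See the attached file.
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)")
# RFC 1918 and loopback ranges: hops inside the receiving network.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def handoff_ip(raw, trusted_domain):
    """Return (ip, relay): the external IP logged by a relay in trusted_domain."""
    msg = email.message_from_string(raw)
    for hop in msg.get_all("Received", []):          # newest hop first
        by = BY_RE.search(hop)
        relay = by.group(1).lower() if by else ""
        if relay != trusted_domain and not relay.endswith("." + trusted_domain):
            return None   # line written by a host we do not trust: may be forged
        m = IP_RE.search(re.split(r"\s+by\s+", hop, maxsplit=1)[0])
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        if not any(ip in net for net in INTERNAL):
            return str(ip), relay
    return None

if __name__ == "__main__":
    print(handoff_ip(SAMPLE, "recipient-isp.example"))
```

The returned address is the one to look up and report to its ISP, together with the full headers; the `From:` line and any `Received:` lines below the trusted relay's entry are not evidence of origin.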
 
Adam said:
For the last couple weeks I have been getting a couple messages a day from
NIS telling me that a file is infected on my computer. It deletes it every
time. It seems to happen when I get my mail. Should I be worried? The
files in question are named something like cc42.tmp. I'm using winxp with
service pack 2, OE 6.00, and NIS2005. I suspect it is 'just' someone
sending me virus spam which is then blocked by norton, but I worry because
this only just started the last few weeks. Should I be worried, and is
there a way to stop it?

Start using Firefox for your browser and Thunderbird for your e-mail.
Here is a quote from Panda:
"Netsky.P is automatically activated when the e-mail message is viewed
through Outlook's Preview Pane. It does this by exploiting a
vulnerability in Internet Explorer, which allows e-mail attachments to
be automatically run. This vulnerability exploit is known as
Exploit/iFrame."
-max
 
What's in a name?,

Since the OP is using IE version 6.x, the issue you discuss is not
applicable. The following is quoted from the text available at:

http://www.microsoft.com/technet/security/bulletin/MS01-020.mspx

(Begin Quote)
Microsoft Security Bulletin (MS01-020)
Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
Does this vulnerability affect IE 6?
No. You can eliminate the vulnerability by upgrading to IE 6. However, if
you are running Windows 95, 98, 98SE or ME, you should be aware that you
will need to install IE 6 in a certain way. Specifically, you will need to
choose either the Full Install or Typical Install option. (The default
installation type is Typical Install). If you choose Minimal Install or
Custom Install, the files containing the vulnerability might not be
upgraded, and your system could remain vulnerable.
Customers running Windows NT 4.0, Windows 2000, or Windows XP do not need to
concern themselves with this contingency, as IE 6 does not provide either a
Minimal or Custom Install option when installing on these systems. Any
upgrade to IE 6 on one of these systems would fully eliminate the
vulnerability. More information on this is available in Knowledge Base
article Q308411.
(End Quote)
 
Sir_George said:
What's in a name?,

Since the OP is using IE version 6.x, the issue you discuss is not
applicable.

That still doesn't change the fact that the OP would be safer using
another browser (Firefox) and e-mail client (Thunderbird).
-max
 