Home / malware Win32.Netsky.T@mm
First posted on 21 November 2011.
Source: BitDefenderAliases :
There are no other names known for Win32.Netsky.T@mm.
Explanation :
This is the first version of netsky to include a backdoor component.
A compressed and encrypted hardcoded text string exists in the worm body:
"Now we have programmed our backdoor, it cannot be used for spam relaying,only for Skynet distribution,
our advice: educate the users or update the smtp protocol, and heuristics cannot detect Skynet, becauses
numerous scambler, compressors, and protectors exists including programming new features.
Thanks to russia, and thanks to CCC
for support.
09:34 A.M, Russia"
The backdoor component listens on port 6789. If the attacker sends an executable file, the worm will download and execute it immediately.
If the system date is between 14.04.2004 and 23.04.2004, the worm will start a "Denial-Of-Service” attack against several websites: (www.keygen.us, www.freemule.net, www.kazaa.com, www.emule.de, www.cracks.am).Last update 21 November 2011