Worm/NetSky.P - Worm

Worm/NetSky.P It contains an integrated SMTP engine in order to send emails. A direct connection with the destination server will be established.

The body of the email is one of the following: I noticed that you have visited illegal websites. See the name in the list! , Important message, do not show this anyone! your big love, ;-) ,Thanks! Protected message is attached. ,Congratulations!, your best friend. ,Best wishes, your friend. , Your document is attached. , See the file. , Please see the attached file for details. , Your document is attached to this mail. , SMTP: Please confirm the attached message. , You have written a very good text, excellent, good work! , Your photo, uahhh.... , you are naked! ,You have received an extended message. Please read the instructions. , Partial message is available. , Waiting for authentification. , I hope the patch works. , Here is the website. ;-) , Your file is attached. ,Do not visit this illegal websites! , Delivered message is attached. , I cannot believe that. , I am shocked about your document! , Please authenticate the secure message , I have corrected your document. , Here is my icq list. , You got a new message. , I hope you accept the result! , Important message, do not show this anyone! , Please read the document.

Subject: One of the following: • Re:approved; approved bil; Re:Approved document; Re:Bad request; Re:Bill; data; Re:Delivery Server; Do you?; Does it matter?; Re:Encrypted Mail; Re:Error; Re:Error in document; Re:Failure; Re:file; Re:Free porn; Re:hello; Re:here; Re:Hi; Hi; I cannot forget you!; important data; Internet Provider Abuse; Is that your password?; Re:Its me; Re:List; Re:Message Error; Re:my bill; Re:my data; Re:Order; Postcard; Re:Proof of concept; Re:Protected Mail Delivery; Protected Mail System; Re:Protected Mail system; Re:Question; Re:Request; Re:Sample; Re:Secure SMTP Message; Shocking document; Fw:Warning again; Re:Status; Your day; Re:Your document; Re:your document_all

Aliases:
• Symantec: W32.Netsky.P@mm
• Mcafee: W32/Netsky.p@MM
• Kaspersky: Email-Worm.Win32.NetSky.q
• TrendMicro: WORM_NETSKY.P
• F-Secure: Email-Worm.Win32.NetSky.q
• Sophos: W32/Netsky-P
• Panda: W32/Netsky.P.worm
• Grisoft: I-Worm/Netsky.Q
• VirusBuster: I-Worm.Netsky.Q1
• Eset: Win32/Netsky.Q worm
• Bitdefender: Win32.Netsky.P@mm

Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP

Side effects:
• Drops a malicious file
• Uses its own Email engine
• Registry modification