W32/Netsky.b@MM!zip

This page shows details and results of our analysis of the malware W32/Netsky.b@MM!zip.

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.


Minimum DAT: 4326 (2004-02-18)
Updated DAT: 4762 (2006-05-15)
Minimum Engine: 5.1.00
File Length: Varies
Description Added: 2004-04-21
Description Modified: 2005-02-07

Malware Proliferation

Characteristics

This is a detection for W32/Netsky.b@MM while the virus is contained within a ZIP file.

Although the McAfee scan engine can understand the ZIP format, unzipping takes time, so detection for the top-level ZIP itself has been added as a performance measure for email scanning products such as WebShield and GroupShield.

Detection of W32/Netsky.b@MM with !ZIP appended to the detection name indicates that the virus has not had a chance to run on the local system, and hence no damage should have occurred.

For more information on this threat, see:
http://vil.nai.com/vil/content/v_101034.htm

Symptoms

Method of Infection

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Variants