"your...document"

 
Wednesday, May 12, 2003
Today we have an 18kb file called "your_document".
 
Looking at it in Windows Explorer, it shows up as a Shortcut to MS-DOS file. This one looks promising.
 
A warning dialog box opened to see if I really wanted to proceed, sure! Clicking on the attachment, the wait Hour Glass showed for a number of seconds, then there was no other action. Gee, I guess I'm in the clear, right?

Rebooting the machine, Norton Anti Virus was activated and caught W32.Netsky trying to access the WinNT Winlogon.exe file.

Nothing bad seemed to happen. When I launched the file, Norton was disabled; in rebooting, Norton was automatically enabled and stopped an unwanted access.

Time to uninstall Norton!

"your_document" installed itself nicely and quite invisibly. Nothing noticeable happened right away, but after a few minutes a box popped up on the screen saying an internal error had occurred and some information was needed.
 

 
By filling out the bare minimum required, the MAPU32 was happy. I was not about to enter in my password. I rebooted, checked mail and saw nothing out of the ordinary. Then I switched over to my main machine, checked mail on my personal account and "John Smith" had sent him a letter with an attachment. By looking at the dialog boxes Norton had thrown up, this is the W32.Netsky worm.
 
From Norton:
"W32.Netsky.D@mm is a mass-mailing worm that is a variant of W32.Netsky.C@mm. The worm scans drives C through Z for email addresses and sends itself to those that are found. The Subject, Body, and Attachment names vary. The attachment will have a .pif file extension."

Nothing serious but an annoyance. Norton does have instructions for removal on their site which I will not go into here - as I tell everyone, don't bring me your machine to remove a virus. Do it yourself or go pay someone else.

Next time you may think twice before opening attachments.
 
http://www.symantec.com/avcenter/venc/data/w32.netsky.d@mm.html
http://www.symantec.com/avcenter/index.html

John Smith

 

 


 
This page is a story posted on Ensign and/or Saskatchewan News, both of which are daily web sites offering a variety of material from scenic images, political commentary, information and news. These publications are the work of Faster Than Light Communications. If you would like to comment on this story or you wish to contact the editor of these sites please send us email. The concepts and strategy used by this contributor are not endorsed or supported in any way by this publication but are the views and practices of the author.
 

Editor : Timothy W. Shire
Faster Than Light Communication
Box 1776, Tisdale, Saskatchewan, Canada, S0E 1T0
306 873 2004