Visible Symptoms.

Detailed Analysis

This detection covers the "RFC 822 mail text" version of the
virus W32/Netsky.P-mm.
In this form, the virus is in text format; this is
only dangerous if the attachment region is reverted
to binary form by an email server or email processing
application.
The detection also relates to a specific format and
structure of the email message. In such detections,
the email will have an IFrame and WMP exploit construction
trick that may run the attachment automatically on some
unpatched Windows systems, as in the following example:
Message has been sent as a binary attachment.
Or you can view the message at:
<a href=cid:121401Mfdab4$3f3dL780$75387018@57W81fa70Re
height=0 width=0>*URL*BLOCKED*</a>
<iframe
src=cid:121401Mfdab4$3f3dL780$75387018@57W81fa70Re
height=0 width=0></iframe>
Content-Type: audio/x-wav;
name="message.pif"
Content-Transfer-Encoding: base64
Content-ID:<121401Mfdab4$3f3dL780$75387018@57W81fa70Re>
*ENCODED NETSKY ATTACHMENT*
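An added example, not part of the original description: a Python check a mail filter could run for the structure shown above, a hidden iframe whose cid: source points at a MIME part declared as audio but named with an executable extension. The function name, the extension list and the sample message (with a harmless placeholder payload) are constructed for illustration.

```python
import re
from email import message_from_string

# Extensions Windows treats as executable (constructed, non-exhaustive list).
EXEC_EXT = (".pif", ".scr", ".exe", ".com", ".bat", ".cmd")
# Captures the Content-ID that an <iframe src=cid:...> in an HTML body points at.
IFRAME_CID = re.compile(r"<iframe[^>]*\bsrc\s*=\s*[\"']?cid:([^\s\"'>]+)", re.I)

def find_autorun_parts(raw):
    """Return (filename, declared type) for parts that an iframe loads by cid:
    and whose media type disagrees with an executable filename."""
    msg = message_from_string(raw)
    referenced, candidates = set(), []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if ctype == "text/html":
            html = (part.get_payload(decode=True) or b"").decode("latin-1")
            referenced.update(IFRAME_CID.findall(html))
        name = (part.get_filename() or "").lower()  # falls back to name= param
        cid = (part.get("Content-ID") or "").strip().strip("<>")
        # Media type claims audio/image/video, filename says executable.
        if name.endswith(EXEC_EXT) and ctype.startswith(("audio/", "image/", "video/")):
            candidates.append((cid, name, ctype))
    return [(n, t) for cid, n, t in candidates if cid in referenced]

# Constructed sample message; the base64 body is harmless placeholder text.
SAMPLE = """\
From: sender@example.com
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html

Message has been sent as a binary attachment.
<iframe src=cid:part1@example.invalid height=0 width=0></iframe>
--b1
Content-Type: audio/x-wav; name="message.pif"
Content-Transfer-Encoding: base64
Content-ID: <part1@example.invalid>

aGFybWxlc3MgcGxhY2Vob2xkZXI=
--b1--
"""

print(find_autorun_parts(SAMPLE))
```

Requiring both conditions (the type and name mismatch and the iframe reference to the same Content-ID) keeps the check from firing on ordinary inline audio or on executable attachments that no iframe loads.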