New Threat: Netsky.C Worm

There’s a new worm out there that I’m sure you’ve run into, and it’s a sneaky one. W32.Netsky.C is a mass-mailing worm that uses its own SMTP engine (mail server) to send infected emails to the email addresses it finds when scanning the hard drives and mapped drives.

Using a variety of subject lines and body text these emails trick the recipient into opening them.

Once unleashed, this worm also searches drives C through Z for folder names containing “Shar” and then copies itself to those folders allowing it to infect any PCs on your network.


You should have updated antivirus software—especially if you are using a POP3 email client (Outlook Express, Netscape Mail, Eudora). Web based like AOL, Yahoo, and Hotmail scan for viruses, so you are less likely to get infected. The big name A-V software companies all keep current on the latest threats, so being up-to-date is a good defense.

Do not open attachements from anyone you don’t know and scan any from friends and family.

The subject lines for infected emails include: Your website, Your letter, Word file, Here is the document, and re: Your Document. There are dozens more, but you get the idea.

The body can include one of the following: Your file is attached, Please read the attached file, Please have a look at the attached file, See the attached file for details, Here is the file, or Your document is attached.

In most cases the attachment will have a .pif file extension

Are You Infected?

If you opened an attachment recently and now you hear a regular beeping sound, chances are you’ve been hit. Run a system scan using A-V software. You should check either McAfee or Symantec’s web sites for a list of registry entries that indicate infection.




If you don’t have any Anti-Virus software on your PC (shame on you) both McAfee and Symantec have removal tools specifically for removing Win32.netsky. You can download these for free.

Mcaffe Stinger

Symantec removal tool

Hopefully none of you fell for this one.

Stay safe out there.

~ Chad Stelnicki