The Netsky Virus

Tips & Hints

Updated 31 March, 2004

The Netsky must have achieved some sort of dubious record for the number of different versions spawned across the net.

The common factor is that all versions include a *.pif attachment that if run will damage anti virus programs. The subject line often starts with an re: (or even and RE: RE:) and has lines like "your website" and "Your document is attached." Some variations pose as rejected return messages.

You should never open attachments that end in PIF or EXE.

As it scans the victims computer for a return address, it may appear to come from someone you know. Do not assume that emails that seem to come from people you trust are clean. Also, you shouldn't assume the virus came from the person on the return address.

An important aspect of the Netsky virus is that it causes many email servers to send false virus warnings. Just ignore any warnings that claim you have a virus. As long as you have up to date virus protection and use common sense, you should avoid this virus.

The best way to avoid this virus is not to open suspicious attachments. We have a list of attachments to avoid at What's In Your Inbox. This article turned two years old this week, so the virus writers are using some fairly old tricks. More details on the Netsky virus are at The Register and Symantec.

If you have been infected with the Netsky worm, Symanted has a removal tool for the various types of Netsky.

PC Rescue Pty Ltd
Suite 236, 4 Young Street Neutral Bay NSW 2089
ABN 082 635 765
ŠTechnology Publishing Australia, 2011