Date: Tuesday, March 23 @ 12:57:38 PST
Due to an increase in the rate of submissions, Symantec Security Response has upgraded W32.Netsky.P@mm to a Category 3 from a Category 2 threat as of March 22, 2004. W32.Netsky.P@mm (also known as W32.Netsky.Q@mm) is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.
The From line of the email is spoofed, and its Subject line and message body of the email vary. The attachment name varies with the .exe, .pif, .scr, or .zip file extension. Additionally, the worm attempts to take advantage of a rather old Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability that will cause unpatched systems to auto-execute the worm when reading or previewing an infected message.
A free tool is available here to clean infections of the W32.Netsky.P@mm virus.