PPRuNe Forums - View Single Post - Help and advice on E-mails downloading a virus using a MIME exploit
Old 5th Apr 2004, 17:49
  #6 (permalink)  
E-Liam
 
Join Date: Jan 2004
Location: Bracknell UK
Posts: 357
Hi ILS,

I'm back from work, and have had a quick read up. Unlike most e-mail attachments that are just that, a separate attachment that can't, if containing a virus, be activated until opened, Netsky, along with the now famous MyDoom and Dumaru viruses, is actually embedded in the body of the e-mail itself.

When you click the email notification once, or highlight an email for deletion for whatever reason, you will see a copy of the main body (i.e. where you would get the normal text message preview) appear in the lower pane of Outlook. I haven't used Incredimail, but I assume it does something similar. This is all that's needed for the virus to enter your machine. Anything you do with that email must be done by clicking at least once. Once you do that, it's in..

There is a setting in Outlook that stops you from viewing messages in this way, but I can't remember where that is at the moment. I'll try and find out for you.. in the meantime, here are a couple of pages that will give you a clue as to which emails to be wary of..

WORM_NETSKY.C

WORM_NETSKY.D

Cheers

Liam

---------------------------------------------------------------------------------
A member of the Alliance of Security Analysis Professionals since 2004.