Full Disclosure mailing list archives
Re: W32.Netsky-B.worm spreading (name may vary)
From: "Keith W. McCammon" <keith-list () mccammon org>
Date: Wed, 18 Feb 2004 13:53:03 -0500
Just (reluctantly) got off the phone with NAI, after being told that my problem was a missing hotfix. However, I'm convinced that something else is wrong with this DAT on WebShield SMTP. None of my gateways are detecting Bagle, and they appear to be detecting Netsky only as corrupted messages (which they are thankfully configured to block).
The only thing that's keeping me sane right now is the fact that the same DAT on my Groupshield systems is detecting both without fail. And a test against a client system indicates that the same DAT on VirusScan 7 systems is also effective (although nothing should be getting that far).
Ohlson_Eric wrote:
Keith, Please post the response or fix if you get it. Thanks! -Eric -----Original Message-----From: Keith W. McCammon [mailto:keith-list () mccammon org] Sent: Wednesday, February 18, 2004 9:45 AMTo: 'Full Disclosure List' Subject: Re: [Full-disclosure] W32.Netsky-B.worm spreading (name may vary)No coincidence. All of my gateways stopped alerting on Bagle after applying this DAT. On the phone with NAI right now...Pete Fanning wrote:Maybe I'm paranoid, but after applying DAT 4325 to my Webshield serverthis morning to catch this new worm I all of a suddon STOPPED catching Bagle.B.Maybe just a coincedence....maybe not..... --- Pete Fanning MATC Technical Services Internet: fanningp () matc eduPeter Kruse<kruse () krusesecurity dk> 2/18/2004 7:57:28 AM >>>Hi All, This is a heads up. A small modification of NetSky-A has started spreading in someeuropeancountries. Check your favorite AV-vendor for further details. Regards Peter Kruse _______________________________________________ Full-Disclosure - We believe in it.Charter: http://lists.netsys.com/full-disclosure-charter.html_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- W32.Netsky-B.worm spreading (name may vary) Peter Kruse (Feb 18)
- Re: W32.Netsky-B.worm spreading (name may vary) I.R. van Dongen (Feb 18)
- <Possible follow-ups>
- Re: W32.Netsky-B.worm spreading (name may vary) Pete Fanning (Feb 18)
- Re: W32.Netsky-B.worm spreading (name may vary) Keith W. McCammon (Feb 18)
- RE: W32.Netsky-B.worm spreading (name may vary) Randal, Phil (Feb 18)
- Re: W32.Netsky-B.worm spreading (name may vary) Keith W. McCammon (Feb 18)