lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4033B48F.4060007@mccammon.org>
From: keith-list at mccammon.org (Keith W. McCammon)
Subject: W32.Netsky-B.worm spreading (name may vary)

Just (reluctantly) got off the phone with NAI, after being told that my 
problem was a missing hotfix.  However, I'm convinced that something 
else is wrong with this DAT on WebShield SMTP.  None of my gateways are 
detecting Bagle, and they appear to be detecting Netsky only as 
corrupted messages (which they are thankfully configured to block).

The only thing that's keeping me sane right now is the fact that the 
same DAT on my Groupshield systems is detecting both without fail.  And 
a test against a client system indicates that the same DAT on VirusScan 
7 systems is also effective (although nothing should be getting that far).


Ohlson_Eric wrote:
> Keith,
> 
> Please post the response or fix if you get it.  Thanks!
> 
> -Eric
> 
> 
> 
> -----Original Message-----
> From: Keith W. McCammon [mailto:keith-list@...ammon.org] 
> Sent: Wednesday, February 18, 2004 9:45 AM
> To: 'Full Disclosure List'
> Subject: Re: [Full-Disclosure] W32.Netsky-B.worm spreading (name may
> vary)
> 
> No coincidence.  All of my gateways stopped alerting on Bagle after 
> applying this DAT.  On the phone with NAI right now...
> 
> Pete Fanning wrote:
> 
>>Maybe I'm paranoid, but after applying DAT 4325 to my Webshield server
> 
> this morning to catch this new worm I all of a suddon STOPPED catching
> Bagle.B.
> 
>>Maybe just a coincedence....maybe not.....
>>
>>---
>>Pete Fanning
>>MATC Technical Services
>>Internet: fanningp@...c.edu
>>
>>
>>
>>
>>>>>Peter Kruse<kruse@...sesecurity.dk> 2/18/2004 7:57:28 AM >>>
>>
>>Hi All,
>>
>>This is a heads up.
>>
>>A small modification of NetSky-A has started spreading in some
> 
> european
> 
>>countries. Check your favorite AV-vendor for further details.
>>
>>Regards
>>Peter Kruse
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html 
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ