[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4033B48F.4060007@mccammon.org>
From: keith-list at mccammon.org (Keith W. McCammon)
Subject: W32.Netsky-B.worm spreading (name may vary)
Just (reluctantly) got off the phone with NAI, after being told that my
problem was a missing hotfix. However, I'm convinced that something
else is wrong with this DAT on WebShield SMTP. None of my gateways are
detecting Bagle, and they appear to be detecting Netsky only as
corrupted messages (which they are thankfully configured to block).
The only thing that's keeping me sane right now is the fact that the
same DAT on my Groupshield systems is detecting both without fail. And
a test against a client system indicates that the same DAT on VirusScan
7 systems is also effective (although nothing should be getting that far).
Ohlson_Eric wrote:
> Keith,
>
> Please post the response or fix if you get it. Thanks!
>
> -Eric
>
>
>
> -----Original Message-----
> From: Keith W. McCammon [mailto:keith-list@...ammon.org]
> Sent: Wednesday, February 18, 2004 9:45 AM
> To: 'Full Disclosure List'
> Subject: Re: [Full-Disclosure] W32.Netsky-B.worm spreading (name may
> vary)
>
> No coincidence. All of my gateways stopped alerting on Bagle after
> applying this DAT. On the phone with NAI right now...
>
> Pete Fanning wrote:
>
>>Maybe I'm paranoid, but after applying DAT 4325 to my Webshield server
>
> this morning to catch this new worm I all of a suddon STOPPED catching
> Bagle.B.
>
>>Maybe just a coincedence....maybe not.....
>>
>>---
>>Pete Fanning
>>MATC Technical Services
>>Internet: fanningp@...c.edu
>>
>>
>>
>>
>>>>>Peter Kruse<kruse@...sesecurity.dk> 2/18/2004 7:57:28 AM >>>
>>
>>Hi All,
>>
>>This is a heads up.
>>
>>A small modification of NetSky-A has started spreading in some
>
> european
>
>>countries. Check your favorite AV-vendor for further details.
>>
>>Regards
>>Peter Kruse
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists