Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Netsky AG - New variant in-the-wild


  • Please log in to reply
1 reply to this topic

#1 harrywaldron

harrywaldron

    Security Reporter


  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:05:20 AM

Posted 14 October 2004 - 06:36 AM

Even though the author has been arrested, new versions of this virus family continue to be developed. In fact Netsky.P reamins one of the worst email viruses since Klez.H.

As noted, Secunia provides a good summary of all AV vendors (as many have differing suffixes). Thankfully, this new variant remains low-risk by most AV vendors currently.

Secunia Information
http://secunia.com/virus_information/12662/

McAfee - W32/Netsky.ag@MM
http://vil.nai.com/vil/content/v_128905.htm

Symantec - W32.Netsky.AD@mm (currently rated Level 2)
http://www.sarc.com/avcenter/venc/data/w32.netsky.ad@mm.html
This variant of W32/Netsky is similar to previous variants. It bears the following characteristics:

* constructs messages using its own SMTP engine
* harvests email addresses from the victim machine
* spoofs the From: address of messages

Avoid all EMAIL attachments that end as follows:

.pif
.com
.scr
.bat
.zip

BC AdBot (Login to Remove)

 


#2 harrywaldron

harrywaldron

    Security Reporter

  • Topic Starter

  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:05:20 AM

Posted 14 October 2004 - 12:10 PM

McAfee just went MEDIUM RISK with DAT 4399 issued




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users