[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] W32.Netsky-B.worm spreading (name may vary)

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] W32.Netsky-B.worm spreading (name may vary)
From: "Keith W. McCammon" <keith-list@mccammon.org>
Date: Wed, 18 Feb 2004 13:53:03 -0500

Just (reluctantly) got off the phone with NAI, after being told that my problem was a missing hotfix. However, I'm convinced that something else is wrong with this DAT on WebShield SMTP. None of my gateways are detecting Bagle, and they appear to be detecting Netsky only as corrupted messages (which they are thankfully configured to block).

The only thing that's keeping me sane right now is the fact that the same DAT on my Groupshield systems is detecting both without fail. And a test against a client system indicates that the same DAT on VirusScan 7 systems is also effective (although nothing should be getting that far).

Ohlson_Eric wrote:

Keith,

Please post the response or fix if you get it. Thanks!

-Eric

-----Original Message----- From: Keith W. McCammon [mailto:keith-list@mccammon.org] Sent: Wednesday, February 18, 2004 9:45 AM To: 'Full Disclosure List' Subject: Re: [Full-Disclosure] W32.Netsky-B.worm spreading (name may vary)

No coincidence. All of my gateways stopped alerting on Bagle after applying this DAT. On the phone with NAI right now...

Pete Fanning wrote:

Maybe I'm paranoid, but after applying DAT 4325 to my Webshield server
this morning to catch this new worm I all of a suddon STOPPED catching
Bagle.B.
Maybe just a coincedence....maybe not.....
---
Pete Fanning
MATC Technical Services
Internet: fanningp@matc.edu
Peter Kruse<kruse@krusesecurity.dk> 2/18/2004 7:57:28 AM >>>
Hi All,

This is a heads up.

A small modification of NetSky-A has started spreading in some
european
countries. Check your favorite AV-vendor for further details.
Regards
Peter Kruse
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] http://federalpolice.com:article872@1075686747
Next by Date: RE: [Full-Disclosure] Re: Second critical mremap() bug found in all Linux kernels
Previous by thread: RE: [Full-Disclosure] W32.Netsky-B.worm spreading (name may vary)
Next by thread: [Full-Disclosure] [SECURITY] [DSA 439-1] New Linux 2.4.16 packages fix several local root exploits (arm)
Index(es):
- Date
- Thread