[Merged] Netsky Virus


kronas
01-03-2004, 16:55
A new variant of the Netsky virus, version D, is set to clog up more inboxes, according to security firm Sophos.

http://www.sophos.com/virusinfo/analyses/w32netskyd.html


Also freshly out on the net: the new Beagle variants.

W32.Beagle.C@mm

http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.c@mm.html

W32.Beagle.E@mm

http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.e@mm.html

W32.Beagle.F@mm

http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.f@mm.html

W32.Beagle.G@mm

http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.g@mm.html

paulyoung666
01-03-2004, 17:10
Good heads up, my mate, I am still getting loads of Netsky-B attacks :fit:

Stuartbe
01-03-2004, 19:34
Thanks for that m8...... :)

EDIT - You like that smiley don't you Paul :D

iadom
01-03-2004, 19:41
My AV software, which no one has heard of :cry: has updated its deffiles twice today. :)

paulyoung666
01-03-2004, 20:28
> Thanks for that m8...... :)
>
> EDIT - You like that smiley don't you Paul :D

Oh yes me does, and I have had a couple of Netsky-D's just now :fit:

Stuartbe
01-03-2004, 20:30
> Oh yes me does, and I have had a couple of Netsky-D's just now :fit:

Well - my firewall log is full of nasties trying to get in.....

I don't have that problem with email though. Only .zip files are allowed in - and only if they can be opened and scanned by the mail server..... :)

MadGamer
02-03-2004, 16:16
Hi all, Outlook has just downloaded this email as spam but found this virus.

Symantec Security Response (http://www.symantec.com/avcenter/venc/data/w32.netsky.d@mm.html)

Not a good one. I'm doing a virus scan as we speak.

REMEMBER: Update your virus definitions.

WNA

paulyoung666
02-03-2004, 16:26
> Hi all, Outlook has just downloaded this email as spam but found this virus.
>
> Symantec Security Response (http://www.symantec.com/avcenter/venc/data/w32.netsky.d@mm.html)
>
> Not a good one. I'm doing a virus scan as we speak.
>
> REMEMBER: Update your virus definitions.
>
> WNA

You got the virus from Symantec??? Or was it spoofed???

MadGamer
02-03-2004, 16:51
> You got the virus from Symantec??? Or was it spoofed???

It was spoofed. It wasn't from them.

paulyoung666
02-03-2004, 16:58
> It was spoofed. It wasn't from them.

Had a feeling it might be, so did you get infected then???

iadom
02-03-2004, 17:15
My AV, Command CSAV from Authentium (the one that Norton doesn't know about :rolleyes:), posted deffiles for this yesterday. It has auto-updated the deffiles 4 times in the past 36 hours. The latest one, about an hour ago, related to W32/Bagle.I@mm. As yet no reference to this can be found on the Symantec web site. :)
Checking deffiles would appear to be essential on a daily basis if you do not have "Auto update" enabled at the moment.

MadGamer
02-03-2004, 17:55
> Had a feeling it might be, so did you get infected then???

Yep.

iadom
02-03-2004, 18:02
> Well - my firewall log is full of nasties trying to get in.....
>
> I don't have that problem with email though. Only .zip files are allowed in - and only if they can be opened and scanned by the mail server..... :)

Stu, have just read this article; would your system protect against these zip files?
http://news.earthweb.com/ent-news/article.php/3319691

kronas
02-03-2004, 18:21
duplicate thread

http://forum.nthellworld.co.uk/showthread.php?t=8677

paulyoung666
02-03-2004, 18:31
> duplicate thread
>
> http://forum.nthellworld.co.uk/showthread.php?t=8677

Don't be so cruel and heartless, the poor lad has got an infection, he wants blankets and chicken soup :D :D :D :D. Actually I was going to post the same but you beat me to it :rofl: :rofl: :rofl:

@WNA have you got it sorted???

MadGamer
02-03-2004, 18:59
> Don't be so cruel and heartless, the poor lad has got an infection, he wants blankets and chicken soup :D :D :D :D. Actually I was going to post the same but you beat me to it :rofl: :rofl: :rofl:
>
> @WNA have you got it sorted???

I bet Kronas started that thread??? BTW I got it sorted.

Stuartbe
02-03-2004, 19:01
Nooooooooooo don't open that email WNA....... Oh well - too late :D

MadGamer
02-03-2004, 19:40
> Nooooooooooo don't open that email WNA....... Oh well - too late :D

It's sorted now anyway. Does anyone know how to import a blocked senders list from OE to Outlook?

Racingdick
02-03-2004, 20:29
I had that today and it put a file in my c:/windows dir called winlogon..

This couldn't be deleted and, whenever running, caused slow browsing and CPU usage to go up.

After removing it from msconfig I was able to remove it with no probs..

Anyone with similar?

paulyoung666
02-03-2004, 20:32
> I had that today and it put a file in my c:/windows dir called winlogon..
>
> This couldn't be deleted and, whenever running, caused slow browsing and CPU usage to go up.
>
> After removing it from msconfig I was able to remove it with no probs..
>
> Anyone with similar?

Not seen that. Mind you, my A/V is picking them up so it isn't a problem. What A/V are you running???

Racingdick
02-03-2004, 20:43
Norton updates every week, did LiveUpdate prior to going to work.

downquark1
02-03-2004, 21:04
Erm :shocking: I just got this:

C:\System Volume Information\_restore{20DED501-38D8-4892-8EDF-12B721E5C833}\RP157\A0014978.exe is infected with the W32.Netsky.C@mm virus.
Access to the file was denied.
I didn't even open the file :confused:

downquark1
02-03-2004, 21:42
> Erm :shocking: I just got this ... I didn't even open the file :confused:

:confused: I've run a full system scan, turned off System Restore and am running the W32.Netsky removal tool for the second time. Seems like a false alarm :shrug:, or maybe it detected the one in quarantine.

Chimaera
02-03-2004, 21:45
Well I've had 16 sent to me at work - luckily the Council's wonderful up to date software detected them all!
(Yes I was surprised too! ;) )

Sipowicz
02-03-2004, 22:10
Got Norton Securities 2004, on auto update and it has been catching this one on a regular basis (2 today!). Just got a return from a postmaster claiming that I had sent this damn virus!! And from my main user account!! Come to think of it, it has been playing up for ages, taking forever to download incoming mail with messages in Outlook saying something like "downloading 1 of 88. Time remaining 47 minutes" and I am on 600 service. Now I am confused, just done a forced scan and found no record of any virus(??)

Stu038
02-03-2004, 22:40
> Just got a return from a postmaster claiming that I had sent this damn virus!! And from my main user account!! (??)

Similar happened to me a couple of days ago from an address I'd never heard of and certainly wasn't in my contacts. Sure enough it came complete with its own copy of the Netsky B virus in the alleged returned mail. Damn SNEAKY :fit:

homealone
02-03-2004, 23:25
> Got Norton Securities 2004, on auto update and it has been catching this one on a regular basis (2 today!). Just got a return from a postmaster claiming that I had sent this damn virus!! And from my main user account!! Come to think of it, it has been playing up for ages, taking forever to download incoming mail with messages in Outlook saying something like "downloading 1 of 88. Time remaining 47 minutes" and I am on 600 service. Now I am confused, just done a forced scan and found no record of any virus(??)

Hi Sipowicz

IMO also run an alternative 'spyware' detector, as well as your Norton stuff - Ad-Aware or Spybot, for example :)

Sipowicz
03-03-2004, 23:03
> Hi Sipowicz
>
> IMO also run an alternative 'spyware' detector, as well as your Norton stuff - Ad-Aware or Spybot, for example :)

Thanks for the input, I have spybot and adaware running.

I had a notification at work today about this latest round of attacks. It described the very sort of message I got about being responsible for sending a virus. It is a technique the virus writers use, whereby they spoof the address of the sender from the address book of someone infected with the virus! I was not aware that they do this sort of thing!

On closer inspection of the postmaster notification, it seems that I "sent" the infected e-mail, whilst at work and with the home pc switched off!

Sipowicz
03-03-2004, 23:05
> Similar happened to me a couple of days ago from an address I'd never heard of and certainly wasn't in my contacts. Sure enough it came complete with its own copy of the Netsky B virus in the alleged returned mail. Damn SNEAKY :fit:

Ouch! Nasty...........

iadom
03-03-2004, 23:09
> Norton updates every week, did LiveUpdate prior to going to work.

Once a week is not enough; you should be able to set NAV to auto-update. If not, check every day for new deffiles. My AV from Command/Authentium CSAV has updated automatically 5 times in the past 48 hours.

paulyoung666
04-03-2004, 08:14
> Once a week is not enough; you should be able to set NAV to auto-update. If not, check every day for new deffiles. My AV from Command/Authentium CSAV has updated automatically 5 times in the past 48 hours.

Same here with Avast, updating all the time :eek: :eek: :eek:

altis
04-03-2004, 12:28
Oi, 81.109.35.117 from Renfrew - do a virus scan!

Just received this email

**************** eManager Notification *****************

The following mail was blocked since it contains sensitive content.

Source mailbox: <**me**@ntlworld.com>
Destination mailbox(es): broome@paspaley.com.au
Policy: Attachment Removal
Attachment file name: document_full.pif - application/octet-stream
Action: Replaced with text

The Paspaley Pearls Group email system has detected that you have tried to send an email with an attachment that is not allowed on our network. It was not delivered to its intended reciepent . If this is in error, please notify antispam@paspaley.com.au

******************* End of message *********************



--------------------------------------------------------------------------------


Received: from paspaley.com.au (cpc2-ruth2-5-0-cust117.renf.cable.ntl.com [81.109.35.117])
by ppdwn-ux2.paspaley.com.au (8.12.5/8.11.2) with ESMTP id i24CIamf003396
for <broome@paspaley.com.au>; Thu, 4 Mar 2004 21:48:53 +0930
Message-Id: <200403041218.i24CIamf003396@ppdwn-ux2.paspaley.com.au>
From: **me**@ntlworld.com
To: broome@paspaley.com.au
Subject: Re: Here is the document
Date: Thu, 4 Mar 2004 12:11:54 +0000
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0012_000035A7.00002447"
X-Priority: 3
X-MSMail-Priority: Normal
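The headers above are the useful part of that bounce: the From line claims an ntlworld.com mailbox, but the single Received line records the host that actually connected (a cable-modem address with ntl reverse DNS, announcing itself as paspaley.com.au). The following is an added example, not code from the thread, that pulls those fields out of a constructed copy of that header block and flags the mismatches a mail admin would look for; the sender mailbox is a placeholder.

```python
import re
from email import message_from_string

# Constructed sample modelled on the bounce quoted in the thread
# (the sender mailbox is a placeholder). Only one Received hop exists:
# the message went straight from a cable-modem host to the recipient's MX.
BOUNCE = """\
Received: from paspaley.com.au (cpc2-ruth2-5-0-cust117.renf.cable.ntl.com [81.109.35.117])
\tby ppdwn-ux2.paspaley.com.au (8.12.5/8.11.2) with ESMTP id i24CIamf003396
\tfor <broome@paspaley.com.au>; Thu, 4 Mar 2004 21:48:53 +0930
From: someone@ntlworld.com
To: broome@paspaley.com.au
Subject: Re: Here is the document

"""

# Matches the sendmail-style "from HELO (rdns [ip]) by host" clause.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]+)?\s*\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)


def parse_received(header: str) -> dict:
    """Return helo/rdns/ip/by from one Received header value, or {} if unparsable."""
    flat = " ".join(header.split())  # unfold continuation lines
    m = RECEIVED_RE.search(flat)
    return m.groupdict() if m else {}


def analyse_bounce(raw: str) -> dict:
    """Compare the claimed From domain with where the message really entered the network."""
    msg = message_from_string(raw)
    hops = [h for h in map(parse_received, msg.get_all("Received", [])) if h]
    origin = hops[-1] if hops else {}  # last Received header = first hop
    from_domain = msg.get("From", "").rsplit("@", 1)[-1].strip("<> ").lower()
    helo = (origin.get("helo") or "").lower()
    rdns = (origin.get("rdns") or "").lower()
    findings = []
    if helo and not helo.endswith(from_domain):
        findings.append("HELO name does not match the From domain")
    if rdns and not rdns.endswith(from_domain):
        findings.append("reverse DNS of the sending host does not match the From domain")
    if helo and (origin.get("by") or "").lower().endswith(helo):
        findings.append("sender announced itself with the recipient's own domain")
    return {"from_domain": from_domain, "origin_ip": origin.get("ip"),
            "origin_rdns": rdns, "findings": findings}
```

The origin IP and reverse DNS are what to report to the owning ISP's abuse desk; the From address is not evidence of anything.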

Paul
11-03-2004, 23:34
Started getting a few of the B variant again, including one tonight from an IP which translates to cpc3-scun1-4-0-custxxx.nott.cable.ntl.com.

Does anyone know where this is? The only place I can think of is Scunthorpe, but that's a long way from Nottingham and I can't think of anyone in that area who would have my e-mail address.

Stuartbe
11-03-2004, 23:37
> Started getting a few of the B variant again, including one tonight from an IP which translates to cpc3-scun1-4-0-custxxx.nott.cable.ntl.com.
>
> Does anyone know where this is? The only place I can think of is Scunthorpe, but that's a long way from Nottingham and I can't think of anyone in that area who would have my e-mail address.

I am getting loads of spoofed mails...

Actually got one from bill.clinton@thewhitehouse.gov :rofl:

They expect me to open that??? Like I am going to know Bill Clinton :)

iadom
11-03-2004, 23:49
> I am getting loads of spoofed mails...
>
> Actually got one from bill.clinton@thewhitehouse.gov :rofl:
>
> They expect me to open that??? Like I am going to know Bill Clinton :)

I'm sure he has heard of you, your "reputation" goes before you. :D

Paul
11-03-2004, 23:50
> I am getting loads of spoofed mails...
>
> Actually got one from bill.clinton@thewhitehouse.gov :rofl:
>
> They expect me to open that??? Like I am going to know Bill Clinton :)

Yes - the sender was obviously spoofed - but the headers show it originated from the quoted source.

paulyoung666
16-04-2004, 16:13
Is anyone still getting Netsky viruses? I haven't had any for ages. Has NTL done something about this???

altis
16-04-2004, 16:25
Seems to be quieter here too but got a Netsky.P just yesterday. Perhaps the peeps with our addresses who are infected have finally done something about it.

Stu038
16-04-2004, 17:26
I hadn't had any for a couple of weeks till Wednesday night then I got about a dozen, none since luckily. Tbh didn't notice whether they were "P" or not though :)