PRESS RELEASE
Oslo, 18 February 2004
Norman SandBox reports new unknown worm NetSky.B
Norman Data Defense Systems
warns against a new Internet mass-mailing worm reported by
several users. Norman SandBox technology reports detecting
a new worm, W32/EmailWorm (named NetSky.B). This is a
mass-mailing worm spreading through SMTP. So far, reports of
the worm have come from customers located in Norway and
BeNeLux.
Norman Data Defense Systems' current risk evaluation of the
new threat is Medium risk.
Norman Data Defense Systems' SandBox technology makes it
possible to catch viruses and other malicious software
before virus signatures have been released. The Norman
SandBox technology represents a milestone in non-signature
based detection of new, unknown viruses, utilizing far
superior techniques to those adopted by pure heuristics.
This unique technology stops and quarantines the malware
attacking the machine based on behaviour even before any
virus signature file is created for this specific threat.
Report from SandBox displayed to users who have
Norman Virus Control or Norman Internet Control installed:
'Sandbox: W32/EmailWorm'
Display message box (Error) : The file could not be opened!.
Creates file C:\WINDOWS\services.exe.
Creates value "service"="C:\WINDOWS\services.exe -serv" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
Checks whether computer is connected to Internet.
**Uses IPHLPAPI services.
**Uses IPHLPAPI services.
Connect port 53 [UDP], IP 192.168.0.1.
DNS Server: ID=11DF, Flags=0100, Questions=0001, Answers=0000, Authority=0000, Additional=0000.
-> <Victims domain address>
Attempts to resolve name "".
**Connects SMTP server.
To : <FAKE_EMAIL_ADDR_FROM_SANDBOX>.
From : skynet@skynet.de.
Subject: unknown.
Mass-mailer; spreads through SMTP.
This description is preliminary; updates will be available later
from the Norman Data Defense Systems web site: http://www.norman.com.
Recommendations
Norman Data Defense Systems definition files from
Wednesday, 18 February 2004 have support for the worm.
Norman Data Defense Systems recommends that corporate and home
users immediately update installed antivirus products
with new definition files that detect this threat.
We recommend that users without protection download and
install an antivirus program immediately.
For further information, please contact
SAV25 Data Systems