Virus Alert: NetSky.B

**Lv4** · February 19th, 2004, 07:00 PM

ack, this thing is a bitch. On of the large banks that is our customer (when I say large I mean farking HUGE) has just killed their internet connection because of this. The problem they are having is trying to filter this thing, they are getting so many copies of it that their exchange servers were brought to their knees. I'll post more information as I get it from them, but you might want to keep an eye out on how fast this one ramps up.... fwiw Symantec has listed this as a Severe risk.

**JuJuBeans** · February 19th, 2004, 07:16 PM

Sounds like this virus has a lot of words.

***DjM*** · February 19th, 2004, 07:23 PM

Originally posted here by JuJuBeans
Sounds like this virus has a lot of words.

WHAT ? ? ?

**Lv4** · February 19th, 2004, 07:40 PM

Ok so I just talked to one of the sr. admins at the bank in question and what they are seeing is effectively a DoS attack but an email based DoS... they are/were getting this thing in the thousands per minute which was more than enough to bring down their servers. I'm not sure what they are going to do from this point, but like I said before I'll post more information as I get it from them... hehe, this has made for a halfway interesting day for me

**gpshewan** · February 19th, 2004, 07:50 PM

Originally posted here by Lv4
Ok so I just talked to one of the sr. admins at the bank in question and what they are seeing is effectively a DoS attack but an email based DoS...

It's not a specific thing to the payload though(?) ...although I don't know if it's been fully dissected yet. Does this mean we are seeing a HUGE number of infections?

Message Labs are saying:

Due to uncharacteristically high mail volume, threat statistics on our website are currently lagging actual data. Please click here for the latest information on the W32/Bagle.B-mm outbreak.

**Lv4** · February 19th, 2004, 07:58 PM

Originally posted here by gpshewan
It's not a specific thing to the payload though(?) ...although I don't know if it's been fully dissected yet. Does this mean we are seeing a HUGE number of infections?

that is correct, at least at this bank it is not specific to the payload itself. They have the correct dat files in place and have been filtering attachments, they just have been getting so many copies of this virus that their servers just cannot keep up. Right now I don't know if it's because a machine inside their network was infected, or if this is all external mail that is coming to them.

I know that Symantec says there are well over 1000 infections at this point, but I'm sure there are many more than that.

So far though, here at my work, we haven't seen a single copy of this virus. It looks to be very sporatic at best.

**JuJuBeans** · February 19th, 2004, 07:59 PM

Turn off email, til it go away.

**w0lverine** · February 19th, 2004, 08:06 PM

Turn off email, til it go away.

you can run but you cannot hide. a new one is created every day how long would you turn off your e-mail

**gpshewan** · February 19th, 2004, 08:07 PM

Sounds interesting. Although as it's searches for email addresses it sounds as if either a machine at the bank is infected or a third party network is infected as not many Joe and Josephine Bloggs have bank email addresses.

**gpshewan** · February 19th, 2004, 08:11 PM

Originally posted here by JuJuBeans
Turn off email, til it go away.

Have you any idea what sort of crisis that would bring to a bank? I've worked in banks for years and you suffer the odd system outage and that brings on MAJOR panic in some departments.

Thread: Virus Alert: NetSky.B

Thread Tools

Display

Posting Permissions