
NetSky.p

popvalores
Level 1

I have an IPS at the border and have qualified deny packet, deny connection and deny to attacker for the NetSky signature, and I have noticed in my internal antivirus that the IPS is not blocking NetSky. The antivirus detects W32/NetSky.p.em. What can I do?

4 Replies

wsulym
Cisco Employee

What AV solution are you using? I ran a quick search of the more common vendors and can't find reference to this specific version of netsky.

We do have some Netsky coverage, but it is limited to the variants covered by signature 3136.

The AV that I use is McAfee.

The AV detects W32/NetSky.d.em!!.exe and W32/NetSky.p.em!!.exe.

I have qualified signature 3136, but even so it does not detect it, or block it either.

We use TrendMicro's naming of viruses. We detect the P variant in signatures 3136-3 and 3136-4 on virus file attachments ending in "scr", "pif", "cmd", "exe", and "zip" via SMTP.

In an attempt to cross-reference McAfee with Trend, W32/NetSky.p.em!!.exe from McAfee looks like it might be the same as Trend's P variant; however, I cannot be 100% certain.

We do not have a signature for the .d.em variant.

But my IPS is not blocking all W32/NetSky signatures. What can I do?
