| Two New Viruses: Sasser and Netsky-AC |
|
jamie
HostMySite Sales Rep
|
There are two new viruses out since this weekend. The Sasser Worm, which is similar to Blaster (although it doesn't use the SQL port as that one did) and another email that purportedly offers a "fix" for the Sasser worm actually infects the user's computer with a different virulent worm, known as Netsky-AC. Here's a CNN article about the worms:
http://www.cnn.com/2004/TECH/internet/05/03/sasser.worm/index.html

Here's the Symantec Link Sasser: http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html

Note: that link is for the main variant; there are at least 4 known variants as of Monday evening.

The NetSky-AC worm can be easily stopped by filtering emails containing a *.pif attachment, as that is its only payload.
|
jamie
HostMySite Sales Rep
|
The filter for an attachment looks like this:
If BODY contains name=.{1,64}\.pif

I would filter the following attachments (if they're not needed): .exe .pif .scr .vbs .shs .com .tar .zip
|
dan
HostMySite Tech
|
Great tip Jamie, a quick disclaimer however: adding filters is always a very tricky process. If you have added filters in the past and have noticed some emails not coming through, try removing your filters and having a friend resend the message to see if it goes through.
|
|
jamie
HostMySite Sales Rep
|
Alternatively, instead of deleting the emails that get filtered, simply move them to a subfolder of your account so you can check on them if you're concerned that something was misplaced.
|
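An added example, not part of the original thread: it compares the raw-text rule quoted above with a check on the parsed MIME attachment names, and routes matches to a subfolder instead of deleting them. The function names, the "Quarantine" folder name and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Extension list and rule text are taken from the thread.
BLOCKED = {".exe", ".pif", ".scr", ".vbs", ".shs", ".com", ".tar", ".zip"}
RAW_RULE = re.compile(r"name=.{1,64}\.pif")

def raw_rule_hits(raw):
    """The thread's rule: a regex over the raw message text."""
    return bool(RAW_RULE.search(raw))

def blocked_attachments(raw):
    """Filenames of MIME parts whose final extension is on the blocked list."""
    hits = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()  # None for parts that carry no filename
        if name and "." in name:
            if "." + name.rsplit(".", 1)[1].lower() in BLOCKED:
                hits.append(name)
    return hits

def route(raw):
    """Move to a subfolder rather than delete, as suggested in the thread."""
    return "Quarantine" if blocked_attachments(raw) else "Inbox"

# Constructed sample 1: a message carrying a .pif attachment.
WITH_PIF = """\
Subject: test
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

See attachment.
--B
Content-Type: application/octet-stream; name="notes.pif"
Content-Disposition: attachment; filename="notes.pif"

AAAA
--B--
"""

# Constructed sample 2: plain text that only mentions a .pif name.
TEXT_ONLY = """\
Subject: filter question
Content-Type: text/plain

My rule looks for name=something.pif in the body. Is that right?
"""
```

Both samples match the raw-text rule, but only the first has an attachment on the blocked list, so the second is the kind of message a body-wide filter can catch by mistake.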



