PRESS RELEASE
Oslo, 18 February 2004
Norman Data Defense Systems warns against a new Internet mass-mailing worm reported by several users. Norman SandBox technology reports detecting a new worm, W32/EmailWorm (named NetSky.B). This is a mass-mailing worm spreading through SMTP. So far, reports of the worm have come from customers located in Norway and BeNeLux.
Norman Data Defense Systems' current risk evaluation of the new threat is Medium risk.
Norman Data Defense Systems SandBox technology makes it possible to catch viruses and other malicious software before virus signatures have been released. The Norman SandBox technology represents a milestone in non-signature-based detection of new, unknown viruses, utilizing far superior techniques to those adopted by pure heuristics. This unique technology stops and quarantines the malware attacking the machine based on behaviour, even before any virus signature file is created for this specific threat.
Report from SandBox displayed to users who have Norman Virus Control or Norman Internet Control installed:
’Sandbox: W32/EmailWorm’
Display message box (Error) : The file could not be opened!.
Creates file C:\WINDOWS\services.exe.
Creates value "service"="C:\WINDOWS\services.exe -serv" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
Checks whether computer is connected to Internet.
**Uses IPHLPAPI services.
**Uses IPHLPAPI services.
Connect port 53 [UDP], IP 192.168.0.1.
DNS Server: ID=11DF, Flags=0100, Questions=0001, Answers=0000, Authority=0000, Additional=0000.
-> <Victims domain address>
Attempts to resolve name "".
**Connects SMTP server.
To : <FAKE_EMAIL_ADDR_FROM_SANDBOX>.
From : skynet@skynet.de.
Subject: unknown.
Mass-mailer; spreads through SMTP.
This description is preliminary and will be updated later on the Norman Data Defense Systems web site: http://www.norman.com.
Recommendations
Norman Data Defense Systems definition files from Wednesday, 18 February 2004 detect the worm.
Norman Data Defense Systems recommends that corporate and home users immediately update installed antivirus products with new definition files that detect this threat.
We recommend that users without protection download and install an antivirus program immediately.
Contact information
Steinar Wigtil, Director of R&D, Norman Data Defense Systems ASA,
Telephone +47 67 10 97 00, mobile phone +47 41 53 97 29
Audun Lødmel, Marketing, Norman Data Defense Systems ASA,
Telephone +47 67 10 97 79, mobile phone +47 93 44 65 31