W32/Netsky!dam
Analysis
This is a broken sample of the Netsky mass-mailing virus.
The sample is broken because of corruption or incorrect handling
by a security application. It cannot run and cannot
infect a system. Such samples are often truncated.
Discard such samples if identified.
Recommended Action
- This virus can be blocked at the gateway by not allowing files with the .PIF extension to be delivered. Using the FortiGate manager, make sure .PIF extensions are blocked for the SMTP, IMAP and POP3 services.
- Check the main screen of the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.
Detection Availability
Product | Availability |
---|---|
FortiGate | Extreme |
FortiClient | Extended |
FortiMail | Extended |
FortiSandbox | Extended |
FortiWeb | Extended |
Web Application Firewall | Extended |
FortiIsolator | Extended |
FortiDeceptor | Extended |
FortiEDR | |
Version Updates
Date | Version | Detail |
---|---|---|
2020-11-10 | 81.73400 | Sig Updated |
2020-09-02 | 80.07300 | Sig Updated |
2020-09-02 | 80.07200 | Sig Added |
2019-12-31 | 74.20000 | Sig Updated |
2019-08-27 | 71.17600 | Sig Updated |
2019-07-28 | 70.30200 | Sig Updated |
2019-01-29 | 65.99600 | Sig Updated |
2018-12-28 | 65.21900 | Sig Updated |
2018-12-27 | 65.21600 | Sig Updated |