W32/Netsky!dam

description-logoAnalysis

This is a broken sample of the Netsky mass-mailing virus. The sample is broken due to corruption or incorrect handling by a security application. The sample cannot run and cannot infect a system. Many times, this sample will be truncated.
Discard such samples if identified.

recommended-action-logoRecommended Action

  • This virus can be blocked at the gateway by not allowing .PIF extensions to be delivered. Using the FortiGate manager, make sure .PIF extensions are blocked using SMTP, IMAP and POP3 services
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option

Telemetry logoTelemetry

Detection Availability

FortiGate
Extreme
FortiClient
Extended
FortiMail
Extended
FortiSandbox
Extended
FortiWeb
Extended
Web Application Firewall
Extended
FortiIsolator
Extended
FortiDeceptor
Extended
FortiEDR

Version Updates

Date Version Detail
2020-11-10 81.73400 Sig Updated
2020-09-02 80.07300 Sig Updated
2020-09-02 80.07200 Sig Added
2019-12-31 74.20000 Sig Updated
2019-08-27 71.17600 Sig Updated
2019-07-28 70.30200 Sig Updated
2019-01-29 65.99600 Sig Updated
2018-12-28 65.21900 Sig Updated
2018-12-27 65.21600 Sig Updated