Virus

W32/Netsky!dam

Analysis

This is a broken sample of the Netsky mass-mailing virus. The sample is broken due to corruption or incorrect handling by a security application. It cannot run and cannot infect a system. Such samples are often truncated.
Discard such samples if identified.

Recommended Action

  • This virus can be blocked at the gateway by not allowing .PIF extensions to be delivered. Using the FortiGate manager, make sure .PIF extensions are blocked for the SMTP, IMAP and POP3 services.
  • Check the main screen of the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.