This is a general detection for variants in the Netsky virus family. These variants all share a similar pattern: they install themselves on the system, load at Windows startup, and send large volumes of email with a viral attachment to addresses found on the hard drive. Because the variants share similar code, they can be detected with a minimal amount of effort or AV definitions.

Recommended Action

  • In the web interface for your FortiGate unit, check the main screen to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.