NetSky and Beagle Viruses

johnjay

hi all,

I'm getting hammered with the above viruses for the past week. My Norton picks up on average 7 emails a day with either of those attached. Is there any way I can trace the source of the emails? They all have legit email addresses, some which are irish based, so I think the viruses are coming from some site that I have signed up to.

Hecate

Yeah I'm getting quite a lot of mails with Beagle in them alright. I think they're just fired off at random addresses within a particular domain, or selected from the victims address book so there isn't that much you can do to stop receiving them.

I usually investigate the headers of these emails, in the received section it appeared as coming from some eircom POP in the galway area. Beagle is a mass mailer with its own smtp engine, so its probably someone on eircom dial up or dsl infected with the virus, I guess you could get onto the ISPs case to block the port that it uses for its backdoor but that would only be a short term thing.

The Dr00g

This kinda rings a bell. I cleaned a PC about a month ago that had similar symptoms. Unfortunately I didn't record the details of the job. All I can remember is that I ran EVERYTHING on it till it behaved properly. I'm sure Netsky was involved, I'm not sure if Bagle was out then, but perhaps it was just emerging.

Here's a list of what I used on that machine:

AVG 6 free edition.
Adaware 6.
Spybot 1.3 beta 6.
CWShredder 1.57. (Note: 1.59.1 is available now).
Hijackthis 1.97.7 (That reminds me... Must check for an update).

Look at other threads in this area for info on how to configure and use the above software properly.

mneylon

The "sending" domain is irrelevant.
You need to check the sending IP.