It is consistant with the description for Bagle.AA . McAfee released new DATs about an hour ago. (Others should be available, now or soon) Bagle.AA http://vil.nai.com/vil/content/v_124875.htm Greg Little PS Interesting Note. This one (AA) was moving very fast. This on just made it to a "medium-on-watch" (above a normal medium). The DATs were release while McAfee (and some other I check) still had it labled as "low". Yesterday's Bagle.Z was getting blocked in quantity here, before any of the companies I check even had a description posted. Conclusion. To have any chance to stop these, you MUST be using extension blocking. The new [Invalid XXX files] test in Declude help a lot also. (As I recall you need a recent, 2 or 3 weeks old version of Declude for these tests.) Jay Calvert wrote: I intercepted an email today that has a subject of Changes... no message body and an attachment called the_message.hta.The hta file is actually VB Script that creates an executable called qwrk.exe Anybody recognize this? --- [This E-mail scanned for viruses by Findlay Internet] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. |
- [Declude.Virus] Virus name John Tolmachoff \(Lists\)
- RE: [Declude.Virus] Virus name Sharyn Schmidt
- RE: [Declude.Virus] Virus name John Tolmachoff \(Lists\)
- [Declude.Virus] HTA Virus Jay Calvert
- RE: [Declude.Virus] HTA Virus John Tolmachoff \(Lists\)
- Re: [Declude.Virus] Virus name Greg Little
- Re: [Declude.Virus] Virus name Greg Little