I just started receiving copies of a new virus that F-Prot flags, but with the descriptive label of "Unknown" (at least out of Declude). The messages are all around 86k in size, and contain a gif and an encrypted zip file. It pretends to be sending you a password for some unnamed
zombie due to the reverse DNS I noted. I
submitted my sample to Trend and to ClamAV.
Andrew
8)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner
Sent: Tuesday, June 20, 2006 12:42 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] another new
:
declude.virus@declude.com
Subject: RE: [Declude.Virus] another new virus
Ditto.
F-Prot notices that the zip file is password protected
and I can see that there is a very-Bagle-ish gif file of the
password.
David Barker's earlier response of
using:
BANEXT
EZIP
in your
to combine this test
with some mailfrom validating test as these addresses are
forged.
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Tuesday, April 19, 2005 3:33 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Another new virus
@declude.com
Subject: Re: [Declude.Virus] Another new virus
FYI, I have found that F-Prot continues to throw Virus Code 8 for what
McAfee is detecting as Bagle.gen even though 4 or so days have passed.
I'm not clear on whether or not this is intentional in F-Prot or if
this is one
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Tuesday, April 19, 2005 3:56 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Another new virus
Markus,
This will work great with things like my IPINMX test
which is anything that doesn't hit IPNOTINMX and has
]]
On Behalf Of Matt
Sent: Tuesday, April 19, 2005 3:33 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Another new virus
FYI, I have found that F-Prot continues to throw Virus Code 8 for what
McAfee is detecting as Bagle.gen even though
PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Another new virus
I've seen one sample in the last few minutes. It arrives as jokes.zip,
and
www.virustotal.com describes the enclosed 123456.exe as:
This is a report processed by VirusTotal on 04/16/2005 at 00:11:32 (CET
, 2005 3:14 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Another new virus
I've seen one sample in the last few minutes. It arrives as jokes.zip,
and
www.virustotal.com describes the enclosed 123456.exe as:
This is a report processed by VirusTotal on 04/16/2005
I also wanted to add that the zip file viruses did finally slip
through my server on Saturday morning for a period of a few hours
The Saturday onslaught was unusual in
that they managed to hit multiple accounts and get by multiple systems (F-prot
and Brightmail). The only good thing
I am getting lots of banned attachment notices and lots of bounces in the
last 90 minutes.
THANKFULLY, I am blocking zip files which contain executables otherwise
these would have all been delivered to users.
Anyone have an idea of what this one is, it is kind of acting like Bagle.
John T
, 2005 4:33 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Another new virus
I am getting lots of banned attachment notices and lots of bounces in the
last 90 minutes.
THANKFULLY, I am blocking zip files which contain executables otherwise
these would have all been delivered to users.
Any
You guys are all pretty funny with your "thankfully" stuff. Remember,
this is all just a collection of opinions. I have no issues, and
haven't for some time.
Anyway, I don't bounce messages for any tagged virus so I haven't been
having issues with Mytob causing backscatter since Declude
Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Friday, April 15, 2005 2:33 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Another new virus
I am getting lots of banned attachment notices and lots of bounces in the last
90 minutes
Is there another new virus??
I just got a notification from our IMail/Declude
that said:
Unknown Virus
Unknown File
much the same as MyParty did before FProt
was updated to identify it by name.
~JP~
Shop till Ya Drop @EastARK SuperStore
http://EastARK.exciteshops.com