Re: [Clamav-users] New variant Bagle not being detected?

Mon, 26 Jul 2004 13:22:35 -0700 

I'm seeing this too. I've updated ClamAV to the latest CVS version to see if that 
helps.

>>> [EMAIL PROTECTED] 07/26/04 12:48PM >>>
----- Original Message ----- 
From: "Mike Brodbelt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 26, 2004 11:28 AM
Subject: [Clamav-users] New variant Bagle not being detected?


> Hi,
>
> I got a suspicious mail this morning which looked very like a virus, and
> I'm now receiving reports from a neighbouring institution that they are
> getting hit with the same thing. It is rumored to be a new variant of
> Bagle, though noting I have picks it up yet.
>
> The mail goes something like this:-
>
> ================================
> Dear user of acu.ac.uk,
>
> We have received reports that your e-mail account was used to send a
> huge amount of junk e-mail messages during this week.
> Most likely, your computer was infected and now runs a trojaned proxy
> server.
>
> Please follow the instruction in order to keep your computer safe.
>
> Sincerely yours,
> The acu.ac.uk support team."
> ================================
>
> It also contains at attached zip file, which contains a file named
> amcluv.htm(lots of embedded nulls).com
>
> The neighbouring institution had their domain in the mail, instead of
> mine, so the virus appears to be attempting a bit of socian engineering.
> Also, the from address was forged to be from MAILER-DAEMON at my domain.
>
> Has anyone else seem this?
Yep, We have!

I provided samples via the web site too.  Perhaps it's already being worked
on?

> I've submitted it to the ClamAV database, and
> received a "thank you" note, telling me the submission has not been
> added, and giving no information as to why not, which is less helpful

I thought the exact same thing.  I presume an update is forthcoming.

> than I'd have hoped... The online scanner does not currently pick it up.
> Is there a way I can manually extract a signature to add to my local
> database, if ClamAV won't do it?
Yep, see signatures.pdf  (or get it from the support documentation of
clamav's web site if you didn't already have it)

-Troy

>
> Mike.
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by BEA Weblogic Workshop
> FREE Java Enterprise J2EE developer tools!
> Get your free copy of BEA WebLogic Workshop 8.1 today.
> http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click 
> _______________________________________________
> Clamav-users mailing list
> [EMAIL PROTECTED] 
> https://lists.sourceforge.net/lists/listinfo/clamav-users 
>
>
> !DSPAM:4105335d145831575618569!
>
>
>
>



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click 
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED] 
https://lists.sourceforge.net/lists/listinfo/clamav-users 



------------------------------------------------------
NOTE: This message was auto-learned as non-spam.  If this is wrong,
please correct the training as soon as possible.
SPAM filtering options: Spam is defined as unsolicited commercial email.
------------------------------------------------------
ITS has provided the following optional links to train our Anti-Spam system.
If the subject contains a "___" then this email was identified as possible Spam.

If you wish to identify this email as SPAM then click here.
Spam:        
http://ns1b.hillsboroughcounty.org/canit/b.php?c=s&i=408634&m=fc3b5b952bf0 

If you wish to identify this email as not being Spam then click here.
Not spam:    
http://ns1b.hillsboroughcounty.org/canit/b.php?c=n&i=408634&m=fc3b5b952bf0 
------------------------------------------------------





-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idG21&alloc_id040&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Reply via email to