Just a general heads-up, until it's added to the virusdb. We've received 
several of these in the past hour.

The payload is a .rar attachment with a random, numeric file name.  The 
.rar file always contains an executable dddd.exe.  Otherwise the e-mail is 
blank.  From address is the To: username part on some other domain. We 
actually received bounces here with the full payload, before receiving any 
directly.

I've put in a quick and dirty procmail rule that is shunting all numeric 
.rar files, until a sig comes out.

And yes, I've submitted samples -- first of a bounce, then of a directly 
received message.


==========================================================
Chris Candreva  -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
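The traits described in the message above (numeric .rar attachment name, blank body, From: reusing the To: username on another domain), checked in Python as an added example. It is not the poster's procmail rule, which the message does not show; the addresses, file names and attachment bytes are constructed.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

NUMERIC_RAR = re.compile(r"^\d+\.rar$", re.IGNORECASE)

def numeric_rar_attachments(msg):
    """Attachment names of the form <digits>.rar anywhere in the MIME tree.
    walk() descends into message/rfc822 parts, so a bounce that carries
    the original message is inspected as well."""
    names = (part.get_filename() for part in msg.walk())
    return [n.strip() for n in names if n and NUMERIC_RAR.match(n.strip())]

def body_is_blank(msg):
    """True when no non-attachment text part has visible content."""
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.get_filename():
            if (part.get_payload(decode=True) or b"").strip():
                return False
    return True

def spoofed_local_part(msg):
    """True when From: uses the To: username on a different domain."""
    f_local, _, f_dom = parseaddr(str(msg.get("From", "")))[1].lower().partition("@")
    t_local, _, t_dom = parseaddr(str(msg.get("To", "")))[1].lower().partition("@")
    return bool(f_local) and f_local == t_local and f_dom != t_dom

def triage(msg):
    """Quarantine on the file name alone; the other traits are context."""
    hits = numeric_rar_attachments(msg)
    return {"quarantine": bool(hits), "attachments": hits,
            "blank_body": body_is_blank(msg),
            "spoofed_from": spoofed_local_part(msg)}

def sample(filename, body="\n"):
    """Constructed test message; the attachment bytes are a placeholder."""
    m = EmailMessage()
    m["From"], m["To"] = "alice@other.example", "alice@mail.example"
    m.set_content(body)
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m

def bounce_of(original):
    """Constructed bounce that returns the full original message."""
    b = EmailMessage()
    b["From"], b["To"] = "MAILER-DAEMON@other.example", "alice@mail.example"
    b.set_content("Delivery failed.\n")
    b.add_attachment(original)  # attached as message/rfc822
    return b
```

Matching on the file name alone is as broad as the stopgap described in the message and will also catch legitimate numeric .rar attachments, so it suits a quarantine action rather than a silent drop.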
