McAfee is catching the "virus generated" e-mails as W32/Mydoom.gen!eml
http://vil.nai.com/vil/content/v_129633.htm

But without any real violations (virus or vulnerability) in the e-mail it will be hard for the AV companies to tell good from bad. It will be even harder to write good generic detections that catch future versions of this virus, because the virus writer can change almost everything about the e-mail and the only thing that really counts is "does the link work". I do not expect Declude's checking to catch this one.

I've been wondering what took the virus writers so long to use this model of distribution: host the virus on each infected PC. It is much harder to stop at the mail server than an attachment. (And there is no central server to be shut down.) Given enough variation in the virus generated e-mail, I am not sure the AV companies will be able to catch future versions of this virus at the mail server.

So far the volume is low (I have yet to get one here).
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.AH&VSect=S&Period=1d
But this one or another member of its family is going to get very widespread.

Greg Little

PS Anybody know how the other AV companies are doing on catching the virus generated e-mails?

Rick Davidson wrote:
> Don't the newer versions of Declude Virus catch the IFRAME vulnerability?

---
This E-mail came from the Declude.Virus mailing list. The archives can be found at http://www.mail-archive.com.
