Advisory
This is a Medium Threat
Advisory for W32/[EMAIL PROTECTED]
Justification
W32/[EMAIL PROTECTED] has been deemed Medium due to prevalence.
Read About It
Information about W32/[EMAIL PROTECTED] is located on VIL at:
http://vil.nai.com/vil/content/v_136390.htm
Detection
W32/[EMAIL PROTECTED] was first discovered on October 5, 2005 and detection will be added to the 4598 dat files (Release Date: October 5, 2005). The EXTRA.DAT IS AVAILABLE.
If you suspect you have W32/[EMAIL PROTECTED], please submit a sample to http://www.webimmune.net.
Risk Assessment Definition
For further information on the Risk Assessment and AVERT Recommended Actions please see:
http://www.mcafeesecurity.com/us/security/resources/risk_assessment.htm
Best Regards,
McAfee AVERT - Anti Virus and Vulnerability Research, Analysis, and Solutions
visit us at www.avertlabs.com
----- Original Message -----
Sent: Wednesday, October 05, 2005 10:46 PM
Subject: Re: [Declude.Virus] Possible new virus
A lot got through today with that one, but it's being caught by F-Prot now.
10/05/2005 22:06:18 Q86937B8E01F27E50 MIME file: pword_change.zip [base64; Length=113709 Checksum=13075286]
10/05/2005 22:06:18 Q86937B8E01F27E50 Scanner 2: Virus=W32/[EMAIL PROTECTED] Attachment=pword_change.zip [12] O
My first hit was at 20:02 EST tonight.
Darrell
-------------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail Queue Monitoring, Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.
----- Original Message -----
Sent: Wednesday, October 05, 2005 10:33 PM
Subject: [Declude.Virus] Possible new virus
We're seeing a lot of emails with pword_change.zip attached. May want to block it in your virus.cfg.
Subject is "Your new Password". All so far were routed through gmx.net or web.de just before delivery, but are originating from a variety of dial-up or broadband ISP accounts.
Darin.