Re: [Declude.Virus] New Virus Strain Pounding my systems

Wed, 23 Nov 2005 10:26:18 -0800 

Darin,
Would you add these to virus.cfg?  Similir to BANEXT?

Thanks,
Dan
----- Original Message ----- From: "Darin Cox" <[EMAIL PROTECTED]> 
To: <[email protected]>
Sent: Monday, November 21, 2005 5:04 PM
Subject: Re: [Declude.Virus] New Virus Strain Pounding my systems
For those of us poor saps who don't have Pro, here's a compiled list from a 
couple of sources of zip filenames to ban.
Due to the variation in filenames, it would be useful to have BANNAME allow 
some minimal pattern matching.  That would have made this list a bit
shorter.

# Added 11/21/2005 to handle new Sober.X/Z variants
BANNAME downloadm.zip
BANNAME Ebay.zip
BANNAME Ebay-User_RegC.zip
BANNAME Email.zip
BANNAME Email_text.zip
BANNAME injection.zip
BANNAME mail.zip
BANNAME mailtext.zip
BANNAME reg_pass.zip
BANNAME reg_pass-data.zip

BANNAME Service.zip
BANNAME Webmaster.zip
BANNAME Postman.zip
BANNAME Info.zip
BANNAME Hostmaster.zip
BANNAME Postmaster.zip
BANNAME Admin.zip

BANNAME Service-TextInfo.zip
BANNAME Webmaster-TextInfo.zip
BANNAME Postman-TextInfo.zip
BANNAME Info-TextInfo.zip
BANNAME Hostmaster-TextInfo.zip
BANNAME Postmaster-TextInfo.zip
BANNAME Admin-TextInfo.zip

BANNAME Downloads.zip
BANNAME BKA.zip
BANNAME Internet.zip
BANNAME Post.zip
BANNAME Anzeige.zip
BANNAME BKA.Bund.zip

BANNAME AkteDownloads.zip
BANNAME AkteBKA.zip
BANNAME AkteInternet.zip
BANNAME AktePost.zip
BANNAME AkteAnzeige.zip
BANNAME AkteBKA.Bund.zip

BANNAME Kandidat.zip
BANNAME WWM.zip
BANNAME Auslosung.zip
BANNAME Casting.zip
BANNAME Gewinn.zip
BANNAME Info.zip
BANNAME RTL-Admin.zip
BANNAME RTL.zip
BANNAME Webmaster.zip
BANNAME RTL-TV.zip

BANNAME Kandidat_Text.zip
BANNAME WWM_Text.zip
BANNAME Auslosung_Text.zip
BANNAME Casting_Text.zip
BANNAME Gewinn_Text.zip
BANNAME Info_Text.zip
BANNAME RTL-Admin_Text.zip
BANNAME RTL_Text.zip
BANNAME Webmaster_Text.zip
BANNAME RTL-TV_Text.zip



Darin.
----- Original Message ----- From: "John T (Lists)" <[EMAIL PROTECTED]> 
To: <[email protected]>
Sent: Monday, November 21, 2005 4:53 PM
Subject: RE: [Declude.Virus] New Virus Strain Pounding my systems
If you have Pro version you should be always blocking using "BANZIPEXTS ON" 
and "BANEZIPEXTS ON".

John T
eServices For You


-----Original Message-----
From: [EMAIL PROTECTED]

[mailto:[EMAIL PROTECTED]

On Behalf Of Rick Davidson
Sent: Monday, November 21, 2005 12:12 PM
To: [email protected]
Subject: Re: [Declude.Virus] New Virus Strain Pounding my systems

It is coming in with alot of different zip file names and body names now,

I

blocked all zip files and submitted samples

I am really getting hit hard

Rick Davidson
National Systems Manager
North American Title Group
440-639-0607 - Office
951-233-6342 - Mobile
[EMAIL PROTECTED]
-
----- Original Message -----
From: "Matt" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, November 21, 2005 2:51 PM
Subject: Re: [Declude.Virus] New Virus Strain Pounding my systems
> McAfee is detecting this currently as W32/[EMAIL PROTECTED] F-Prot is > still 
> missing it.  My first hit was at 2:08 p.m. EST, just 40 minutes ago and
> McAfee seems to have had this one tagged prior to the outbreak starting
> since none have slipped through yet.
>
> Matt
>
>
>
> Rick Davidson wrote:
>
>> heads up folks, I am stopping a new zip virus with the following

junkmail

>> rules, this is all I have seen so far. Contains an exacutable payload
>> called File-packed_dataInfo.exe
>>
>> Rick Davidson
>> National Systems Manager
>> North American Title Group
>> 440-639-0607 - Office
>> 951-233-6342 - Mobile
>> [EMAIL PROTECTED]
>> -
>> ---
>> This E-mail came from the Declude.Virus mailing list.  To
>> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
>> type "unsubscribe Declude.Virus".    The archives can be found
>> at http://www.mail-archive.com.
>>
>>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".    The archives can be found
> at http://www.mail-archive.com.
>
>

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.


---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.
-------------------------------------------------------------------
E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan)




-------------------------------------------------------------------
E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan)

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.

Reply via email to