Yep. I've added several more today, but haven't had time to research all of the Bagle, MyTob, and Sober variants to see if this is an exhaustive list of attachments.
BANNAME accept-terms.zip BANNAME accepted-password.zip BANNAME account-details.zip BANNAME account-info.zip BANNAME account-password.zip BANNAME account-report.zip BANNAME approved-password.zip BANNAME claim-infomation.zip BANNAME claim-prize.zip BANNAME details.zip BANNAME document.zip BANNAME email-details.zip BANNAME email-password.zip BANNAME important-details.zip BANNAME merchandise.zip BANNAME msg.zip BANNAME new-password.zip BANNAME password.zip BANNAME question_list.zip BANNAME readme.zip BANNAME ship-prize.zip BANNAME shipping-details.zip BANNAME terms.zip BANNAME updated-password.zip BANNAME winner-details.zip BANNAME winnings.zip BANNAME winnings-report.zip BANNAME Alice.zip BANNAME Cybil.zip BANNAME Edmund.zip BANNAME Elizabeth.zip BANNAME Emanuel.zip BANNAME Ester.zip BANNAME Judeth.zip BANNAME Margerye.zip BANNAME Martha.zip BANNAME Nathaniel.zip Darin. ----- Original Message ----- From: "Dan Geiser" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Wednesday, November 23, 2005 1:15 PM Subject: Re: [Declude.Virus] New Virus Strain Pounding my systems Darin, Would you add these to virus.cfg? Similir to BANEXT? Thanks, Dan ----- Original Message ----- From: "Darin Cox" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Monday, November 21, 2005 5:04 PM Subject: Re: [Declude.Virus] New Virus Strain Pounding my systems > For those of us poor saps who don't have Pro, here's a compiled list from > a > couple of sources of zip filenames to ban. > > Due to the variation in filenames, it would be useful to have BANNAME > allow > some minimal pattern matching. That would have made this list a bit > shorter. > > # Added 11/21/2005 to handle new Sober.X/Z variants > BANNAME downloadm.zip > BANNAME Ebay.zip > BANNAME Ebay-User_RegC.zip > BANNAME Email.zip > BANNAME Email_text.zip > BANNAME injection.zip > BANNAME mail.zip > BANNAME mailtext.zip > BANNAME reg_pass.zip > BANNAME reg_pass-data.zip > > BANNAME Service.zip > BANNAME Webmaster.zip > BANNAME Postman.zip > BANNAME Info.zip > BANNAME Hostmaster.zip > BANNAME Postmaster.zip > BANNAME Admin.zip > > BANNAME Service-TextInfo.zip > BANNAME Webmaster-TextInfo.zip > BANNAME Postman-TextInfo.zip > BANNAME Info-TextInfo.zip > BANNAME Hostmaster-TextInfo.zip > BANNAME Postmaster-TextInfo.zip > BANNAME Admin-TextInfo.zip > > BANNAME Downloads.zip > BANNAME BKA.zip > BANNAME Internet.zip > BANNAME Post.zip > BANNAME Anzeige.zip > BANNAME BKA.Bund.zip > > BANNAME AkteDownloads.zip > BANNAME AkteBKA.zip > BANNAME AkteInternet.zip > BANNAME AktePost.zip > BANNAME AkteAnzeige.zip > BANNAME AkteBKA.Bund.zip > > BANNAME Kandidat.zip > BANNAME WWM.zip > BANNAME Auslosung.zip > BANNAME Casting.zip > BANNAME Gewinn.zip > BANNAME Info.zip > BANNAME RTL-Admin.zip > BANNAME RTL.zip > BANNAME Webmaster.zip > BANNAME RTL-TV.zip > > BANNAME Kandidat_Text.zip > BANNAME WWM_Text.zip > BANNAME Auslosung_Text.zip > BANNAME Casting_Text.zip > BANNAME Gewinn_Text.zip > BANNAME Info_Text.zip > BANNAME RTL-Admin_Text.zip > BANNAME RTL_Text.zip > BANNAME Webmaster_Text.zip > BANNAME RTL-TV_Text.zip > > > > Darin. > > > ----- Original Message ----- > From: "John T (Lists)" <[EMAIL PROTECTED]> > To: <[email protected]> > Sent: Monday, November 21, 2005 4:53 PM > Subject: RE: [Declude.Virus] New Virus Strain Pounding my systems > > > If you have Pro version you should be always blocking using "BANZIPEXTS > ON" > and "BANEZIPEXTS ON". > > John T > eServices For You > >> -----Original Message----- >> From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] >> On Behalf Of Rick Davidson >> Sent: Monday, November 21, 2005 12:12 PM >> To: [email protected] >> Subject: Re: [Declude.Virus] New Virus Strain Pounding my systems >> >> It is coming in with alot of different zip file names and body names now, > I >> blocked all zip files and submitted samples >> >> I am really getting hit hard >> >> Rick Davidson >> National Systems Manager >> North American Title Group >> 440-639-0607 - Office >> 951-233-6342 - Mobile >> [EMAIL PROTECTED] >> - >> ----- Original Message ----- >> From: "Matt" <[EMAIL PROTECTED]> >> To: <[email protected]> >> Sent: Monday, November 21, 2005 2:51 PM >> Subject: Re: [Declude.Virus] New Virus Strain Pounding my systems >> >> >> > McAfee is detecting this currently as W32/[EMAIL PROTECTED] F-Prot is >> > still >> > missing it. My first hit was at 2:08 p.m. EST, just 40 minutes ago and >> > McAfee seems to have had this one tagged prior to the outbreak starting >> > since none have slipped through yet. >> > >> > Matt >> > >> > >> > >> > Rick Davidson wrote: >> > >> >> heads up folks, I am stopping a new zip virus with the following > junkmail >> >> rules, this is all I have seen so far. Contains an exacutable payload >> >> called File-packed_dataInfo.exe >> >> >> >> Rick Davidson >> >> National Systems Manager >> >> North American Title Group >> >> 440-639-0607 - Office >> >> 951-233-6342 - Mobile >> >> [EMAIL PROTECTED] >> >> - >> >> --- >> >> This E-mail came from the Declude.Virus mailing list. To >> >> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >> >> type "unsubscribe Declude.Virus". The archives can be found >> >> at http://www.mail-archive.com. >> >> >> >> >> > --- >> > This E-mail came from the Declude.Virus mailing list. To >> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >> > type "unsubscribe Declude.Virus". The archives can be found >> > at http://www.mail-archive.com. >> > >> > >> >> --- >> This E-mail came from the Declude.Virus mailing list. To >> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >> type "unsubscribe Declude.Virus". The archives can be found >> at http://www.mail-archive.com. > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > ------------------------------------------------------------------- > E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan) > > ------------------------------------------------------------------- E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan) --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
