Like you, AVG and F-Prot don't catch them here but Virusscan does. Declude Virus does
toss out a warning: Warning: file#=224 (00000224.js ... )
Also seems to be a dictionary type attack given the recipients names.
09/05/2004 11:08:01 Q39d809bf029cc654 MIME file: [text/html][quoted-printable;
Length=2086 Checksum=144666]
09/05/2004 11:08:01 Q39d809bf029cc654 Found potentially dangerous stuff in
D:\IMail\spool\D39d809bf029cc654.vir\0.!
09/05/2004 11:08:02 Q39d809bf029cc654 Warning: file#=224 (00000224.js ... )
09/05/2004 11:08:02 Q39d809bf029cc654 Scanner 3: Virus= the JS/Zerolin trojan !!!
Attachment=[Unknown: Err] [26] O
09/05/2004 11:08:02 Q39d809bf029cc654 File(s) are INFECTED [ the JS/Zerolin trojan
!!!: 13]
09/05/2004 11:08:02 Q39d809bf029cc654 Scanned: CONTAINS A VIRUS [MIME: 2 2344]
09/05/2004 11:08:02 Q39d809bf029cc654 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]
[outgoing from 203.200.31.7]
09/05/2004 11:08:02 Q39d809bf029cc654 Subject: submissions end september 28th - Sun,
05 Sep 2004 14:05:50 -0200
Scott Fisher
Director of IT
Farm Progress Companies
>>> [EMAIL PROTECTED] 09/07/04 04:26PM >>>
Hi,
I am seeing my McAfee scanner catch these JS/Zerolin viruses but FProt
(3.15a) does not see them at all.
Does anyone know why that might be?
Goran Jovanovic
The LAN Shoppe
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
