OK, so it is cpl file, which we should all have in our list of banned extensions including banned if within a zip file, so we should all be safe, correct?
John T eServices For You > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Dan Geiser > Sent: Monday, September 12, 2005 11:49 AM > To: [email protected] > Subject: Re: [Declude.Virus] Seemingly bad virus this morning > > I opened the zip file and it contained one file called "1.cpl" (without the > quotes). Some sort of malicious Control Panel applet? > > ----- Original Message ----- > From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]> > To: <[email protected]> > Sent: Monday, September 12, 2005 11:55 AM > Subject: RE: [Declude.Virus] Seemingly bad virus this morning > > > > What is the payload inside the zip? > > > > John T > > eServices For You > > > > > >> -----Original Message----- > >> From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] > >> On Behalf Of Matt > >> Sent: Monday, September 12, 2005 7:52 AM > >> To: [email protected] > >> Subject: [Declude.Virus] Seemingly bad virus this morning > >> > >> FYI, We found a rapidly spreading zip virus beginning at about 8:15 a.m. > >> this morning, first coming from Eastern Europe. McAfee seems to be > >> detecting all of them now, but F-Prot as of this moment is not on our > >> system. Every attachment name seemingly contained the word "price". > >> Here's a quick filter that I had put together for it: > >> > >> HEADERS END NOTCONTAINS boundary="-------- > >> BODY END NOTCONTAINS attachment; filename=" > >> BODY END NOTCONTAINS .zip" Content-Transfer-Encoding > >> BODY 15 CONTAINS price > >> > >> Matt > >> --- > >> This E-mail came from the Declude.Virus mailing list. To > >> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >> type "unsubscribe Declude.Virus". The archives can be found > >> at http://www.mail-archive.com. > > > > --- > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". The archives can be found > > at http://www.mail-archive.com. > > ------------------------------------------------------------------- > > E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan) > > > > > > > ------------------------------------------------------------------- > E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan) > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
