Sorry to say it, but that is why we must be blocking executables and zips that contain executables. For the sake of our clients, we can no longer afford to be reactive; we must be proactive.

 

I caught a couple hundred using banned BANZIPEXTS as it has an exe payload inside the zip file, the first one being at about 20:25 ET.

 

John T

eServices For You

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])
Sent: Wednesday, October 05, 2005 7:46 PM
To: [email protected]
Subject: Re: [Declude.Virus] Possible new virus

 

A lot got through today with that one, but it's being caught by F-Prot now.

 

10/05/2005 22:06:18 Q86937B8E01F27E50 MIME file: pword_change.zip [base64; Length=113709 Checksum=13075286]
10/05/2005 22:06:18 Q86937B8E01F27E50 Scanner 2: Virus=W32/[EMAIL PROTECTED] Attachment=pword_change.zip [12] O

 

My first hit was at 20:02 EST tonight.

 

Darrell

-------------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude And Imail.  IMail Queue Monitoring, Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.

----- Original Message -----

From: Darin Cox

Sent: Wednesday, October 05, 2005 10:33 PM

Subject: [Declude.Virus] Possible new virus

 

We're seeing a lot of emails with pword_change.zip attached.  May want to block it in your virus.cfg.

 

Subject is "Your new Password". All so far were routed through gmx.net or web.de just before delivery, but are originating from a variety of dial-up or broadband ISP accounts.


Darin.
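
The check discussed in this thread (refusing a zip attachment because of what it contains, before any scanner signature exists) is sketched below as an added example; it is not part of the original messages and is not Declude's implementation. The extension list, the limits and the sample file names are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed ban list for illustration; not taken from the thread or any product.
BANNED_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
MAX_DEPTH = 3                  # how far to follow zips nested inside zips
MAX_MEMBER_BYTES = 10_000_000  # do not unpack nested archives larger than this


def banned_members(data, depth=0, prefix=""):
    """Return paths of banned-extension members found in zip bytes `data`.

    Returns None when `data` is not a readable zip, so the caller can choose
    to hold the message rather than pass it unscanned.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return None
    hits = []
    with zf:
        for info in zf.infolist():
            path = prefix + info.filename
            # Windows ignores trailing dots and spaces, so strip them first.
            name = info.filename.lower().rstrip(". ")
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            if ext in BANNED_EXTS:
                # Member names are normally stored unencrypted, so this also
                # catches payloads inside password-protected zips.
                hits.append(path)
            elif ext == ".zip":
                encrypted = bool(info.flag_bits & 0x1)
                if encrypted or depth >= MAX_DEPTH or info.file_size > MAX_MEMBER_BYTES:
                    hits.append(path + " (nested zip not inspected)")
                    continue
                inner = banned_members(zf.read(info), depth + 1, path + "!")
                hits.extend(inner if inner is not None
                            else [path + " (nested zip unreadable)"])
    return hits


def make_zip(members):
    """Build a constructed sample zip in memory from a {name: bytes} dict."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

A non-empty result means the attachment should be blocked or quarantined; a None result means the attachment claimed to be a zip but could not be parsed.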

 

 
