John,

It was an EXE file.  Pretty much all zip viruses are these days.  I only received 8 of these in a 15 minute period and then it was over with for at least that one variant.  I am guessing that gmx.de is aware of the issue and taking steps to prevent it.  Shame on them for being exploitable as a relay (plenty of others like Yahoo and HotMail also should share some blame for lax procedures).

I have one thing to add however.  This one came from gmx.net as well as gmx.de.

Matt



John T (Lists) wrote:

Matt, what is the payload inside the zip?

 

John T

eServices For You

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt
Sent: Thursday, October 06, 2005 9:32 AM
To: [email protected]
Subject: [Declude.Virus] New variant as of 15 minutes ago

 

Same servers, but this time it has a Regis.info.zip attachment and the subject is "Registration Confirmation".

Basically I converted to blocking any zips below 200 KB that come from these providers with some filtering and it seems to be working.

Matt
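The rule described in the message above (block zip attachments under 200 KB when the sender is at one of the named providers), sketched as an added example that is not part of the original thread and is not Declude configuration. The function names, the "hold" verdict for zips from other senders that contain an executable, and the sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

WATCHED_DOMAINS = {"gmx.de", "gmx.net"}             # providers named in the thread
MAX_ZIP_BYTES = 200 * 1024                          # "zips below 200 KB"
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")  # assumption: extensions to flag

def zip_verdict(raw: bytes) -> str:
    """Return 'block', 'hold' or 'deliver' for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        data = part.get_payload(decode=True) or b""
        # Rule from the thread: small zip from a watched provider.
        if domain in WATCHED_DOMAINS and len(data) < MAX_ZIP_BYTES:
            return "block"
        # Assumed extra check: list member names without extracting anything.
        try:
            members = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return "hold"  # unreadable archive goes to manual review
        if any(m.lower().endswith(EXECUTABLE_EXTS) for m in members):
            return "hold"
    return "deliver"

def sample(sender: str, filename: str, member: str) -> bytes:
    """Build a constructed test message; the zip member is placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder, not a real program")
    m = EmailMessage()
    m["From"], m["Subject"] = sender, "Registration Confirmation"
    m.set_content("constructed test message")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for sender, member in [("sender@gmx.net", "Regis.info.exe"),
                           ("sender@example.org", "setup.exe"),
                           ("sender@example.org", "notes.txt")]:
        print(sender, member, zip_verdict(sample(sender, "Regis.info.zip", member)))
```
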
