Thanks.
By the time we know if it is a big problem or not, it's always a little
too late.
The writeup had a simple solution, if you can block sites.
A mail like this will pass most corporate email filters. There's no
attachment. There's no masked link either, so phishing filters
probably won't detect it.
It all goes down to whether the end user can be tricked to click on
the link and accept the download or not.
If you're a sysadmin, you might want to block access to www.thefive.us
at your firewall right about now (abuse messages have been sent).
Greg
Colbeck, Andrew wrote:
Forewarned is fore-armed. Blogged by F-Secure here:
http://www.f-secure.com/weblog/#00000682
With a writeup on the virus itself here:
http://www.f-secure.com/v-descs/rbot.shtml
The email seeding run doesn't contain a virus, just a scam plus a URL. I
haven't seen any yet, so I can't comment on the source IP addresses or
host types.
Andrew 8)