Yes, I was alerted to this, and tried to do a quick evaluation using "strings" on the unpacked .zip file. I *think* I see a reference to a german site there, rtog.de or something, although I couldn't get a resolution or whois on that. The end of the .exe refers to all the system DLL's you don't want it to... I don't have a safe test environment in which to run it, but would appreciate any info anyone else discovers about this, for curiosity's sake (not the rice wine!).
Thanks folks, Ben PS - if anyone *really* wants the .zip or .exe, let me know. I will not post it to the list, but can send it privately if needed... On Wed, 3 Mar 2004 14:11:12 -0800 Roger <[EMAIL PROTECTED]> wrote: | So, | The latest virus I received came as a zip file. The zip file needs to be | unzipped *with* a password. Of course the virus writer includes the | password in the email. | | Our anti-virus software is smart enough to scan zip files. But not smart | enough for the password. Now, If I can get the user to *not* un-zip the | file, life will be good. _______________________________________________ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug