Martin, While this attachment certainly seems related to the latest MyDoom variant infestation, I was correct about it being "junk." Sophos reported back that it was indeed non-viral. I'm still seeing a fair number of these "junk" attachments getting caught by my gateway.
Message from Sophos: "Please quote [TE4-VV37-MNWM] in the subject line of any further correspondence related to this query. Hello Shawn, All of the files that you sent in were harmless junk files. They were likely created and corrupted by W32/MyDoom-O. As a result they are non-viral. Regards, Michele" Take care, Shawn -----Original Message----- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Monday, July 26, 2004 9:03 PM To: Exchange Discussions Subject: RE: 2k e-mail .com email (virus variant? no, just junk) Mydoom.m http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM. M -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shawn Connelly Sent: Monday, July 26, 2004 4:44 PM To: Exchange Discussions Subject: 2k e-mail .com email (virus variant? no, just junk) Since this morning, my email gateway (GFI) has caught over five hundred emails containing a 2K .com attachment. The files are typically named, "mycompany.doc .com." All five virus checkers (Sophos, Trend, McAfee, Bitdefender, and Kaspersky) did not find anything suspicious. I have investigated the attachment with a hex editor and I found them to be nothing more than nonsensical junk. Just in case, however, I've sent a copy to Sophos for analysis and await a response (I expect to receive an answer in about 2 hours). Best regards, Shawn ---------------------------------------------------------------------------- --- Dipix Technologies Inc. - www.dipix.com ======================================================================== This email was scanned and certified as free from any known malicious data. However, any attached files opened by you is done so at your own risk! The information contained in this message is intended only for the personal and confidential use of the designated recipients named herein. As of May 25, 2004, if this disclaimer is not included, then this email did not originate from Dipix Technologies Inc. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
