>PCWorld reports that four antivirus had a quick reaction to the new Storm >Worm variant that has recently started spreading: > > A huge virus surge of a new Storm Worm variant is flooding email inboxes >and evading many antivirus programs. In my tests of 31 programs, only four >reported a virus. Postini, an email security company, says that over the >last 24 hours it has seen about 55 million virus emails, about 60 times the >daily average. [...] At 2:30pm I uploaded the attachment to Virustotal.com, >which uses many different antivirus programs to scan uploads. Of 31 >programs, only four - ClamAV, eSafe, Kaspersky and Symantec - reported a >virus. > >You can read the full news on PCWorld website.
As is the case with nearly all infected emails, they come overwhelmingly from infected PCs on subsciber networks doing direct-to-MX spamming, so that greylisting and/or reject_rbl_client zen.spamhaus.org=127.0.0.4, reject_rbl_client zen.spamhaus.org=127.0.0.11, will block 90% of them at the MX. Len
