RE: [Declude.Virus] Seemingly bad virus this morning

2005-09-20 Thread Colbeck, Andrew 



FYI, Kaspersky reports that they're now up to something 
like 20 new variants of Bagle between Monday and Tuesday.

Andrew 8)

Re: [Declude.Virus] Seemingly bad virus this morning

2005-09-20 Thread Matt 




I can confirm that F-Prot was again missing the Bagle zips this
morning, however McAfee seems to have caught every one of them with a
generic Bagle definition unlike yesterday. As of 2 p.m., F-Prot was
still missing these Bagles.

Matt

Colbeck, Andrew wrote:

  
  
  FYI, Kaspersky reports that
they're now up to something like 20 new variants of Bagle between
Monday and Tuesday.
  
  Andrew 8)

Re: [Declude.Virus] Seemingly bad virus this morning

2005-09-20 Thread Matt 




Oops, McAfee just slipped. Since 1:09 p.m. EST on my system we
received 52 undetected zips (just over an hour). We caught these all
with a custom filter.

Matt



Colbeck, Andrew wrote:

  
  
  FYI, Kaspersky reports that
they're now up to something like 20 new variants of Bagle between
Monday and Tuesday.
  
  Andrew 8)

RE: [Declude.Virus] Seemingly bad virus this morning

2005-09-20 Thread Colbeck, Andrew 



... and F-Secure notes that they've hit a record of 
publishing 12 pattern updates in one day.

Andrew 8)


  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of 
  MattSent: Tuesday, September 20, 2005 11:28 AMTo: 
  Declude.Virus@declude.comSubject: Re: [Declude.Virus] Seemingly bad 
  virus this morning
  Oops, McAfee just slipped. Since 1:09 p.m. EST on my system 
  we received 52 undetected zips (just over an hour). We caught these all 
  with a custom filter.MattColbeck, Andrew wrote: 
  

FYI, Kaspersky reports that they're now up to something 
like 20 new variants of Bagle between Monday and 
Tuesday.

Andrew 8)

RE: [Declude.Virus] New Variant of Bagle?

2005-09-20 Thread Panda Consulting S.A. Luis Alberto Arango 
Regarding the virus discussed in this post.
Here the official answer from f-prot after sending the file to them

The file that you sent us through our submission form was analyzed as a
security risk named W32/Mitglieder.FI. 

Detection is available in the latest release of our virus signature files.


I encourage all f-prot users to use f-prot submission form as soon as you
find any suspicious file. The sooner and more notifications f-prot gets the
best support and service we can get from them releasing new signature files.

Here the submission form link f-prot has
http://www.f-prot.com/virusinfo/submission_form.html

regards

Luis Arango
 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Mario Antonio
 Sent: Lunes, 19 de Septiembre de 2005 03:04 p.m.
 To: Declude.Virus@declude.com
 Subject: Re: [Declude.Virus] New Variant of Bagle?
 
 After F-prot released the new def this morning, those virus 
 have been caught because of Viruscode 8 configuration.
 
 
 Mario Antonio
 
 
 - Original Message -
 From: Panda Consulting S.A. Luis Alberto Arango 
 [EMAIL PROTECTED]
 To: Declude.Virus@declude.com
 Sent: Monday, September 19, 2005 3:43 PM
 Subject: RE: [Declude.Virus] New Variant of Bagle?
 
 
  I have latest definition signatures and still f-prot 
 doesn't catch the
  virus.
 
  I banned the files while f-prot comes with a definition 
 file that catches
  it.
 
  I already submitted the file to f-prot for analisys.
 
  Zone Alarm antivirus doesn't detect any virus in the file either.
  The zip contains a file named price_list  the size is 35.146
 
  Luis Arango
 
 
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:[EMAIL PROTECTED] On Behalf Of 
 Mario Antonio
   Sent: Lunes, 19 de Septiembre de 2005 09:01 a.m.
   To: Declude.Virus@declude.com
   Subject: [Declude.Virus] New Variant of Bagle?
  
   I see that Declude/F-PROT is not catching these virus:
  
   price.zip, new_price.zip, newprice.zip, price_09.zip,
   price2.zip, new__price.zip
  
   I guess it could be a new variant of W32/[EMAIL PROTECTED] that was
   released on August last year.
  
   or Am I missing something?
  
  
   Mario Antonio
  
   ---
   [This e-mail was scanned for viruses by Webjogger's AntiVirus
   Protection System]
  
   ---
   This E-mail came from the Declude.Virus mailing list.  To
   unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
   type unsubscribe Declude.Virus.The archives can be found
   at http://www.mail-archive.com.
   __
   [Email scanned for viruses]
   [Email escaneado contra virus]
  
 
  __
  [Email scanned for viruses]
  [Email escaneado contra virus]
 
 
  ---
  This E-mail came from the Declude.Virus mailing list.  To
  unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
  type unsubscribe Declude.Virus.The archives can be found
  at http://www.mail-archive.com.
  ---
  [This e-mail was scanned for viruses by Webjogger's 
 AntiVirus Protection
 System]
 
 
 
 ---
 [This e-mail was scanned for viruses by Webjogger's AntiVirus 
 Protection System]
 
 ---
 This E-mail came from the Declude.Virus mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.Virus.The archives can be found
 at http://www.mail-archive.com.
 __
 [Email scanned for viruses]
 [Email escaneado contra virus]
 

__
[Email scanned for viruses]
[Email escaneado contra virus]


---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.

[Declude.Virus] VBE attachments

2005-09-20 Thread John Tolmachoff \(Lists\) 
Everyone is banning vbe attachments, correct?

http://www.sophos.com/virusinfo/analyses/w32pegasa.html

John T
eServices For You



---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.