: [Declude.Virus] Possible new virus
We're seeing a lot of emails with pword_change.zip
attached. May want to block it in your virus.cfg.
Subject is"Your new Password" All so
far were routed through gmx.net or web.de just before delivery, but are
originating from a variety of dial-up or bro
We're seeing a lot of emails with pword_change.zip
attached. May want to block it in your virus.cfg.
Subject is"Your new Password" All so
far were routed through gmx.net or web.de just before delivery, but are
originating from a variety of dial-up or broadband ISP
accounts.
Darin.
.
- Original Message -
From:
Darin Cox
To: Declude.Virus@declude.com
Sent: Wednesday, October 05, 2005 10:33
PM
Subject: [Declude.Virus] Possible new
virus
We're seeing a lot of emails with
pword_change.zip attached. May want to block it in your
virus.cfg
This is scary. I verified the same pattern of the messages all being
relayed through one of those two servers. The headers of the messages
also show randomization in both the types of headers as well as the
basic construct of things like message boundaries. This is very
spammy, and it is a
My first hit was right around that time as
well. That's a quick catch by FProt.
Darin.
- Original Message -
From: Darrell
([EMAIL PROTECTED])
To: Declude.Virus@declude.com
Sent: Wednesday, October 05, 2005 10:46 PM
Subject: Re: [Declude.Virus] Possible new virus
Alot got through
@declude.com
Sent: Wednesday, October 05, 2005 10:46
PM
Subject: Re: [Declude.Virus] Possible new
virus
Alot got through today with that one, but its
being caught by F-Prot now.
10/05/2005 22:06:18 Q86937B8E01F27E50 MIME file:
pword_change.zip [base64; Length=113709 Checksum=13075286
I have seen in the last hour 4 e-mails blocked for [RAR-EXE] and each one
had a blank subject line.
Each one also had the recipients user part of the e-mail address as the
sender's user part of the e-mail address.
John T
eServices For You
---
This E-mail came from the Declude.Virus mailing
I had some today that fit this description.
Mcafee found them as: the W32/[EMAIL PROTECTED]
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Thursday, April 14, 2005 4:19 PM
Subject: [Declude.Virus] Possible new virus?
I have
I am seeing e-mail being caught with the Space Gap vulnerability.
A user requested the file and upon investigating, it includes a scr or pif
file.
Declude Virus log is showing a jpg or gif image.
The first line of the body is a link to the ad site yimg.com to gif or jpg
images on that site.
I just received two e-mails from Symantec which appear in every right to be
legit.
However, it contained 13 gif files and a zip file.
Any one else seeing this?
I did send one to virustrap.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
---
[This E-mail was scanned for viruses
I just received two e-mails from Symantec which appear in every right to be
legit.
However, it contained 13 gif files and a zip file.
Any one else seeing this?
I did send one to virustrap.
This is very odd. The E-mail definitely did come from Symantec. It did
not, however, contain a virus.
11 matches
Mail list logo
