RE: [Declude.Virus] Seemingly bad virus this morning

2005-09-20 Thread Colbeck, Andrew
Oops, McAfee just slipped.  Since 1:09 p.m. EST on my system we received 52 undetected zips (just over an hour).  We caught these all with a custom filter. Matt Colbeck, Andrew wrote: FYI, Kaspersky reports that they're now up to

Re: [Declude.Virus] Seemingly bad virus this morning

2005-09-20 Thread Matt
Oops, McAfee just slipped.  Since 1:09 p.m. EST on my system we received 52 undetected zips (just over an hour).  We caught these all with a custom filter. Matt Colbeck, Andrew wrote: FYI, Kaspersky reports that they're now up to something like 20 new variants of Bagle between Mond

Re: [Declude.Virus] Seemingly bad virus this morning

2005-09-20 Thread Matt
I can confirm that F-Prot was again missing the Bagle zips this morning, however McAfee seems to have caught every one of them with a generic Bagle definition unlike yesterday.  As of 2 p.m., F-Prot was still missing these Bagles. Matt Colbeck, Andrew wrote: FYI, Kaspersky reports th

RE: [Declude.Virus] Seemingly bad virus this morning

2005-09-20 Thread Colbeck, Andrew
FYI, Kaspersky reports that they're now up to something like 20 new variants of Bagle between Monday and Tuesday.   Andrew 8)    

Re: [Declude.Virus] Seemingly bad virus this morning

2005-09-13 Thread Scott Fisher
Scott and Andrew, It does in fact work on my system.  I'm using Wget 1.8.1+cvs.  The beta definitions do change very frequently, so this might throw you off.  Try executing a derivative of the following command twice and see

Re: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Matt
: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Seemingly bad virus this morning Scott and Andrew, It does in fact work on my system.  I'm using Wget 1.8.1+cvs.  The beta definitions do change very frequently, so this might throw you off.  Try executing a derivat

RE: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Colbeck, Andrew
, and things weren't perfectly synched.   I'm using 1.10-something.   Andrew 8)   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, September 12, 2005 3:35 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Seemingly bad vir

Re: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Matt
N and get the full download every time. - Original Message - From: Matt To: Declude.Virus@declude.com Sent: Monday, September 12, 2005 4:13 PM Subject: Re: [Declude.Virus] Seemingly bad virus this morning Nice script, but the executables don

RE: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Colbeck, Andrew
: Monday, September 12, 2005 2:47 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Seemingly bad virus this morning Scott, in various older versions of wget, the -N parameter as well as the --header=Accept-Encoding:gzip parameter plain old didn't work.  Pick up the cu

RE: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Colbeck, Andrew
ECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Monday, September 12, 2005 2:28 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Seemingly bad virus this morning -Matt,   Does the wget -N command work for you with Mcafee. I also use the -N and get the

Re: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Scott Fisher
2005 10:49 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Seemingly bad virus this morning Hmm, yes.   Something along the lines of:   wget ftp://ftp.nai.com/pub/antivirus/datfiles/4.x/update.ini   and then parsing out

Re: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Matt
run it on their servers.   Markus   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Colbeck, Andrew Sent: Monday, September 12, 2005 10:49 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Seemingly bad virus this morning Hmm, y

RE: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Colbeck, Andrew
safe, correct? John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan Geiser Sent: Monday, September 12, 2005 11:49 AM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Seemingly bad virus this morni

Re: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Nick Hayer
ohn T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan Geiser Sent: Monday, September 12, 2005 11:49 AM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Seemingly bad virus this morni

Re: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Scott Fisher
Here's the Mcafee page: http://vil.mcafeesecurity.com/vil/virus-4d.asp   - Original Message - From: Matt To: Declude.Virus@declude.com Sent: Monday, September 12, 2005 2:26 PM Subject: Re: [Declude.Virus] Seemingly bad virus this morning This is a new

Re: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Scott Fisher
hread/890f45b2e1cfdec9/61f1bcbcc4e71848?lnk=st&q=dailydat&rnum=1&hl=en#61f1bcbcc4e71848     - Original Message - From: Matt To: Declude.Virus@declude.com Sent: Monday, September 12, 2005 2:26 PM Subject: Re: [Declude.Virus] Seemingly bad virus this morning This is a

Re: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Matt
r You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan Geiser Sent: Monday, September 12, 2005 11:49 AM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Seemingly bad virus this morning I opened the zip file and it contained one

RE: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Markus Gufler
> OK, so it is cpl file, which we should all have in our list of banned extensions including banned if within a zip file, so we should all be safe, correct?

As safe as the world can be ;-) Markus

RE: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread John Tolmachoff (Lists)
er > Sent: Monday, September 12, 2005 11:49 AM > To: Declude.Virus@declude.com > Subject: Re: [Declude.Virus] Seemingly bad virus this morning > > I opened the zip file and it contained one file called "1.cpl" (without the > quotes). Some sort of malicious Control Pane

Re: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Dan Geiser
ubject: RE: [Declude.Virus] Seemingly bad virus this morning What is the payload inside the zip? John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, September 12, 2005 7:52 AM To: Declude.Virus@declude.com Subject:

RE: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread John Tolmachoff (Lists)
What is the payload inside the zip? John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Matt > Sent: Monday, September 12, 2005 7:52 AM > To: Declude.Virus@declude.com > Subject: [Declude.Virus] Seemin

RE: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Markus Gufler
Subject: [Declude.Virus] Seemingly bad virus this morning > > FYI, We found a rapidly spreading zip virus beginning at > about 8:15 a.m. > this morning, first coming from Eastern Europe. McAfee seems > to be detecting all of them now, but F-Prot as of this moment > is not on our

RE: [Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Markus Gufler
ECTED] On Behalf Of Matt > Sent: Monday, September 12, 2005 4:52 PM > To: Declude.Virus@declude.com > Subject: [Declude.Virus] Seemingly bad virus this morning > > FYI, We found a rapidly spreading zip virus beginning at > about 8:15 a.m. > this morning, first coming fro

[Declude.Virus] Seemingly bad virus this morning

2005-09-12 Thread Matt
FYI, We found a rapidly spreading zip virus beginning at about 8:15 a.m. this morning, first coming from Eastern Europe. McAfee seems to be detecting all of them now, but F-Prot as of this moment is not on our system. Every attachment name seemingly contained the word "price". Here's a quick