[Declude.Virus] Seemingly bad virus this morning
Oops, McAfee just slipped. Since 1:09 p.m. EST on my system we
received 52 undetected zips (just over an hour). We caught these all
with a custom filter.
Matt
Colbeck, Andrew wrote:
FYI, Kaspersky reports that
they're now up to something like 20 new variants of Bagle between
Mond
I can confirm that F-Prot was again missing the Bagle zips this
morning, however McAfee seems to have caught every one of them with a
generic Bagle definition unlike yesterday. As of 2 p.m., F-Prot was
still missing these Bagles.
Matt
Colbeck, Andrew wrote:
FYI, Kaspersky reports th
FYI, Kaspersky reports that they're now up to something
like 20 new variants of Bagle between Monday and Tuesday.
Andrew 8)
: [Declude.Virus] Seemingly
bad virus this morning
Scott and Andrew,
It does in fact work on my
system. I'm using Wget 1.8.1+cvs. The beta definitions do change
very frequently, so this might throw you off. Try executing a derivative
of the following command twice and see
, and
things weren't perfectly synched.
I'm using 1.10-something.
Andrew 8)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Monday, September 12, 2005 3:35 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Seemingly bad
vir
N and get the full
download every time.
- Original Message -
From: Matt
To: Declude.Virus@declude.com
Sent: Monday, September 12, 2005 4:13 PM
Subject: Re: [Declude.Virus] Seemingly bad virus this morning
Nice script, but the executables don
: Monday, September 12, 2005 2:47 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Seemingly bad virus this morning
Scott, in various older versions of wget, the -N
parameter as well as the --header=Accept-Encoding:gzip
parameter plain old didn't work. Pick up the cu
ECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Monday, September 12, 2005 2:28 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Seemingly bad virus this morning
-Matt,
Does the wget -N command work for you with
Mcafee.
I also use the -N and get the
2005 10:49 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Seemingly bad virus this morning
Hmm, yes.
Something along the lines of:
wget ftp://ftp.nai.com/pub/antivirus/datfiles/4.x/update.ini
and then parsing out
run it on their servers.
Markus
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Colbeck,
Andrew
Sent: Monday, September 12, 2005 10:49 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] Seemingly bad virus this morning
Hmm, y
safe,
correct?
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Dan Geiser
Sent: Monday, September 12, 2005 11:49 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Seemingly bad virus this morni
Here's the Mcafee page:
http://vil.mcafeesecurity.com/vil/virus-4d.asp
- Original Message -
From: Matt
To: Declude.Virus@declude.com
Sent: Monday, September 12, 2005 2:26 PM
Subject: Re: [Declude.Virus] Seemingly bad virus this morning
This is a new
hread/890f45b2e1cfdec9/61f1bcbcc4e71848?lnk=st&q=dailydat&rnum=1&hl=en#61f1bcbcc4e71848
- Original Message -
From: Matt
To: Declude.Virus@declude.com
Sent: Monday, September 12, 2005 2:26 PM
Subject: Re: [Declude.Virus] Seemingly bad virus this morning
This is a
r You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Dan Geiser
Sent: Monday, September 12, 2005 11:49 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Seemingly bad virus this morning
I opened the zip file and it contained one
> OK, so it is cpl file, which we should all have in our list
> of banned extensions including banned if within a zip file,
> so we should all be safe, correct?
As safe as the world can be ;-)
Markus
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mai
er
> Sent: Monday, September 12, 2005 11:49 AM
> To: Declude.Virus@declude.com
> Subject: Re: [Declude.Virus] Seemingly bad virus this morning
>
> I opened the zip file and it contained one file called "1.cpl" (without the
> quotes). Some sort of malicious Control Pane
ubject: RE: [Declude.Virus] Seemingly bad virus this morning
What is the payload inside the zip?
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Matt
> Sent: Monday, September 12, 2005 7:52 AM
> To: Declude.Virus@declude.com
> Subject: [Declude.Virus] Seemin
Subject: [Declude.Virus] Seemingly bad virus this morning
>
> FYI, We found a rapidly spreading zip virus beginning at
> about 8:15 a.m.
> this morning, first coming from Eastern Europe. McAfee seems
> to be detecting all of them now, but F-Prot as of this moment
> is not on our
ECTED] On Behalf Of Matt
> Sent: Monday, September 12, 2005 4:52 PM
> To: Declude.Virus@declude.com
> Subject: [Declude.Virus] Seemingly bad virus this morning
>
> FYI, We found a rapidly spreading zip virus beginning at
> about 8:15 a.m.
> this morning, first coming fro
FYI, We found a rapidly spreading zip virus beginning at about 8:15 a.m.
this morning, first coming from Eastern Europe. McAfee seems to be
detecting all of them now, but F-Prot as of this moment is not on our
system. Every attachment name seemingly contained the word "price".
Here's a quick