ssage-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike
Wiegers
Sent: Tuesday, July 22, 2008 2:58 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] New Virus (.exe) in a zip attachment?
Should the built in declude virus scanner scan inside of zip files (when
we used f-pr
I just took the ban off of zips and it looks like it's catching this virus
now.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike
Wiegers
Sent: Tuesday, July 22, 2008 1:58 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] New Virus
Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael
Jaworski
Sent: Monday, July 21, 2008 6:59 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] New Virus (.exe) in a zip attachment?
This also appears to have been out in other forms in the last few days. Google
it.
M
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com
out the invoice copy attached and collect the package at our
office
Your UPS"
Mike
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Randy
Armbrecht
Sent: Monday, July 21, 2008 4:23 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] New Virus (
We just saw a new apparent virus/phishing threat come across trying to
imposter as a failed UPS delivery notice.
The file attached was called UPS_INVOICE_978172.zip and included a .exe file
within.
Is there any way to catch these in the BanFile area of Declude? We do allow
banned files withi
shing spam.
Original Message
From: "Colbeck, Andrew" <[EMAIL PROTECTED]>
Sent: Thursday, April 26, 2007 6:11 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] new virus with .rar attachment
Gary, you beat them by a day with your own assessment, but Symante
Basically that is what ClamAV is doing. It detects it as a phishing spam.
Original Message
> From: "Colbeck, Andrew" <[EMAIL PROTECTED]>
> Sent: Thursday, April 26, 2007 6:11 PM
> To: declude.virus@declude.com
> Subject: RE: [Declude.Virus] ne
the message as spam.
Andrew.
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Gary Steiner
> Sent: Wednesday, April 25, 2007 10:31 AM
> To: declude.virus@declude.com
> Subject: [Declude.Virus] new virus with .rar attachment
>
ClamAV is now picking this up as Email.Phishing.RB-686
Original Message
> From: "Gary Steiner" <[EMAIL PROTECTED]>
> Sent: Wednesday, April 25, 2007 1:48 PM
> To: declude.virus@declude.com
> Subject: [Declude.Virus] new virus with .rar attachment
I started getting some messages today that were picked up as spam, but were not
being identified as viruses. They looked suspicious, having subject lines of
Virus Activity Detected!
Spyware Alert!
It contains a .gif message that tells the user to open the .rar file and run
the patch there to
With the extensions listed, anyone know if the payload is only in the
executables?
W32/Piggi-A is a mass-mailing worm for the Windows platform.
W32/Piggi-A spreads via email and may pretend:
- to offer a free gift
- that your myspace, anti-virus, tax, financial or personal details have
been ha
t
that this will be a real nuisance for those infected.
Andrew 8)
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Kami Razvan
> Sent: Saturday, December 30, 2006 9:30 AM
> To: declude.virus@declude.com
> Subject: RE: [Declude.Vi
Andrew..
Why not block any .exe attachments?
In our system AVG is detecting it.
Kami
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck,
Andrew
Sent: Saturday, December 30, 2006 12:11 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] New
p.s. No, the conversation thread at the end of my posting was not
relevant to the antivirus tip, that was simply poor copy and paste on my
part.
Andrew 8)
http://isc.sans.org/diary.php?storyid=1988
BANNAME Greeting Card.exe
BANNAME Greeting Postcard.exe
BANNAME GreetingCard.exe
Which may be related to a rash of these that my mailserver received on Dec
28th, as the executables are the same size but contain many differences:
BANNAME postcard.exe
As of
rom: "Colbeck, Andrew" <[EMAIL PROTECTED]>
> Sent: Tuesday, October 10, 2006 1:50 PM
> To: declude.virus@declude.com
> Subject: RE: [Declude.Virus] New Virus?
>
> Sounds like a very popular eBay scam, not a virus.
>
> Was there actually a hostile application
I posted virustotal results a half hour ago... did you see them?
Darin.
- Original Message -
From: "Grant Griffith" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, October 10, 2006 2:17 PM
Subject: RE: [Declude.Virus] New Virus?
It does have a .zip file that contains a .ex
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck,
Andrew
Sent: Tuesday, October 10, 2006 1:32 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] New Virus?
Sounds like a very popular eBay scam, not a virus.
Was there actually a hostile
irus found
Darin.
- Original Message -
From: "Colbeck, Andrew" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, October 10, 2006 1:31 PM
Subject: RE: [Declude.Virus] New Virus?
Sounds like a very popular eBay scam, not a virus.
Was there actually a hostile application attached?
Yes. Saw that come in this morning.
Grant Griffith wrote:
Hey All
Has anyone seen the email saying that you purchased a Sony VAIO for $2,500?
We received a bunch of these this morning in our mailboxes and am trying to
figure out how they made it thru the scanners. What is the place to send
th
e.com
> Subject: [Declude.Virus] New Virus?
>
> Hey All
>
> Has anyone seen the email saying that you purchased a Sony
> VAIO for $2,500?
> We received a bunch of these this morning in our mailboxes
> and am trying to figure out how they made it thru the
> scanners. What
Hey All
Has anyone seen the email saying that you purchased a Sony VAIO for $2,500?
We received a bunch of these this morning in our mailboxes and am trying to
figure out how they made it thru the scanners. What is the place to send
them to see if it is being caught?
Thanks,
Grant Griffith
Web A
: Thursday, August 31, 2006 8:59 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] new virus?
My logs tell me that we received more than the usual
number of viruses yesterday. These were split into two groups, a version
of Bagle that was released back in June, and a new worm w
chell
Sent: Wednesday, August 30, 2006 2:01 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] new virus?
I am seeing lots of .com attachments blocked with Declude. Random two word
subject from many different ip addresses. Is anyone else seeing them?
Karen M. Mitch
I checked and saw just a few of them.
Luis Arango
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Karen Mitchell
Sent: Wednesday, August 30, 2006 04:01 p.m.
To: declude.virus@declude.com
Subject: [Declude.Virus] new virus?
I am seeing lots of .com attachments blocked with Declude. Random two word
subject from many different ip addresses. Is anyone else seeing them?
Karen M. Mitchell
Senior NewMedia Systems Administrator
AccuWeather, Inc.
385 Science Park Road
State College, PA 16803
814-235-8698
"Get the bes
rew
> Sent: Wednesday, June 28, 2006 2:26 PM
> To: declude.virus@declude.com
> Subject: RE: [Declude.Virus] New Virus: zipped word doc with Macro-Virus
> Importance: Low
>
> I don't know where that ">" character in front of my From sentence came
> from. The fir
nal Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Colbeck, Andrew
> Sent: Wednesday, June 28, 2006 2:14 PM
> To: declude.virus@declude.com
> Subject: RE: [Declude.Virus] New Virus: zipped word doc with
> Macro-Virus
>
> I haven't seen
> Behalf Of John T (Lists)
> Sent: Wednesday, June 28, 2006 1:06 PM
> To: declude.virus@declude.com
> Subject: RE: [Declude.Virus] New Virus: zipped word doc with
> Macro-Virus
>
> Back to the matter indicated in the subject line, how are
> others dealing with this?
>
>
John,
I think that F-prot now is getting it.
Subject: Declude Virus caught a virus
X-Mailer:
X-Declude-Sender: postmaster [127.0.0.1]
X-Note: Spam Score: 0
X-Note: SMTP Sender: postmaster
X-Note: Reverse DNS & IP: (Private IP) [127.0.0.1]
X-Country-Chain:
X-Note: To: nclife.com
X-RCPT-TO: <[EMA
John,
CLAMAV is catching it on my systems.
Darrell
---
fpReview - Review held mail easily and quickly.
http://www.invariantsystems.com
John T (Lists) writes:
Back to the matter indicated in the subject line, how are others dealing
with this?
Is
y low. But I'm not looking forward to hand
correcting 120 of these a month.
- Original Message -
From: "David Barker" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, June 28, 2006 2:07 PM
Subject: RE: [Declude.Virus] New Virus: zipped word doc with Macro-Virus
Matt,
Th
___
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Wednesday, June 28, 2006 2:48 PM
To: declude.virus@declude.com
Subject: Re: [Declude.Virus] New Virus: zipped word doc with Macro-Virus
David,
The CRLF thing doesn't affect me since I ha
Back to the matter indicated in the subject line, how are others dealing
with this?
Is F-Prot and AVG and others catching this now?
Which AV scanners are indeed catching it?
Now for the bigger question: How do we combat this and future such versions
without outright blocking of the file extensio
to handle
viruses and spammers.
Mike
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of David Barker
> Sent: Wednesday, June 28, 2006 3:08 PM
> To: declude.virus@declude.com
> Subject: RE: [Declude.Virus] New Virus: zipped word do
3. WHITELIST IP being applied before IPBYPASS
David B
www.declude.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Matt
Sent: Wednesday, June 28, 2006 1:49 PM
To: declude.virus@declude.co
's not the intention of course. I
>>just thought that it would be constructive to point this stuff out for the
>>benefit of Declude and its customers alike.
>>
>>Matt
>>
>>
>>
>>John T (Lists) wrote:
>>
>> I know. :(
>>
>> Declude, this is a feature who'
]] On Behalf Of Matt
Sent: Wednesday, June 28, 2006 1:49 PM
To: declude.virus@declude.com
Subject: Re: [Declude.Virus] New Virus: zipped word doc with Macro-Virus
David,
I'm just wondering about the issue with the invalid characters in the Mail
From's that caused massive spam leakage almo
___
>
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
>Matt
>Sent: Tuesday, June 27, 2006 7:04 PM
>To: declude.virus@declude.com
>Subject: Re: [Declude.Virus] New Virus: zipped word doc with
>Macro-Virus
>
>
>John,
>
>Not to say that this wouldn
Matt -
Thanks for keeping track of all of this for the rest of us.
Rob
-Original Message-
David,
I'm just wondering about the issue with the invalid characters in the Mail
From's that caused massive spam leakage almost a month ago. Is this too
supposed to be fixed?
I'm also very, ve
s@declude.com
Subject: Re: [Declude.Virus] New Virus: zipped word doc with Macro-Virus
John,
Not to say that this wouldn't be something that is nice to have, I can think
of dozens of things that are very largely useful on a much more regular
basis. In fact, the current functionality provide
look right.
Regards,
Kami
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T
(Lists)
Sent: Tuesday, June 27, 2006 5:48 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] New Virus: zipped word doc with Macro-Virus
Is the word document only
OTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Marc Catuogno
> Sent: Wednesday, June 28, 2006 6:03 AM
> To: declude.virus@declude.com
> Subject: RE: [Declude.Virus] New Virus: zipped word doc with
> Macro-Virus
>
> Um, no making fun here - I opened it. I thought it was ju
: Tuesday, June 27, 2006 7:04 PM
To: declude.virus@declude.com
Subject: Re: [Declude.Virus] New Virus: zipped word doc with Macro-Virus
John,
Not to say that this wouldn't be something that is nice to have, I can think
of dozens of things that are very largely useful on a much more regular
basis
f Markus
Gufler
Sent: Tuesday, June 27, 2006 2:32 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] New Virus: zipped word doc with Macro-Virus
Some of us have noted in the past two hours that messages with a zip-file as
attachment have passed our virus filters
It's a zip-file containing
.virus@declude.com
Subject: RE: [Declude.Virus] New Virus: zipped word doc with Macro-Virus
As I know yes but
BANNAME my_notebook.doc
wouldn't work for files within zip-archives.
Markus
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
Behalf Of Jo
EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of John T (Lists)
> Sent: Tuesday, June 27, 2006 3:38 PM
> To: declude.virus@declude.com
> Subject: RE: [Declude.Virus] New Virus: zipped word doc with
> Macro-Virus
> Importance: High
>
> I know. :(
>
> Declu
To: declude.virus@declude.com
> Subject: RE: [Declude.Virus] New Virus: zipped word doc with Macro-Virus
>
> As I know yes but
>
> BANNAME my_notebook.doc
>
> wouldn't work for files within zip-archives.
>
> Markus
>
> > -Original Message-
> &
de.com
> Subject: RE: [Declude.Virus] New Virus: zipped word doc with
> Macro-Virus
>
> Is the word document only named that?
>
> John T
> eServices For You
>
> "Seek, and ye shall find!"
>
> > -Original Message-
> > From: [EMAIL PROTE
rus@declude.com
> Subject: [Declude.Virus] New Virus: zipped word doc with Macro-Virus
>
> Some of us have noted in the past two hours that messages with a zip-file as
> attachment have passed our virus filters
>
> It's a zip-file containing a MS Word Document named "my_notebook.doc
rom: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Darrell ([EMAIL PROTECTED])
> Sent: Tuesday, June 27, 2006 12:08 PM
> To: declude.virus@declude.com
> Subject: Re: [Declude.Virus] New Virus: zipped word doc with
> Macro-Virus
>
> Actually, it is CLAMAV catchi
Actually, it is CLAMAV catching it. Not sure about McAfee as I stop on
first virus. F-Prot is def. not catching it though.
Darrell
Darrell ([EMAIL PROTECTED]) writes:
McAfee is catching these Trojan.Myno on my systems.
Darrell
---
Check out http:
McAfee is catching these Trojan.Myno on my systems.
Darrell
---
Check out http://www.invariantsystems.com for utilities for Declude, Imail,
mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI
integration, MRTG Integration, and Log Parse
Some of us have noted in the past two hours that messages with a zip-file as
attachment have passed our virus filters
It's a zip-file containing a MS Word Document named "my_notebook.doc"
Most Virus-Scanners can't catch it. Virustotal has returned only two
scanners with positive results
Sophos ha
> To: declude.virus@declude.com
> Subject: RE: [Declude.Virus] new virus
>
> Yup I got it. I think that the message
>
> Could not find parse string Infection: in report.txt
>
> Means that it did not find the word infection in the file
>
> SCANFILE1 C:\Progra~1\FSI\
day, June 16, 2006 6:59 PM
> To: declude.virus@declude.com
> Subject: Re: [Declude.Virus] new virus
>
>
> Goran,
>
> Do you have exit code 8 also listed for F-Prot in your virus.cfg? If not
> you should.
>
> Darrell
>
, SURBL/URI integration, MRTG
Integration, and Log Parsers.
- Original Message -
From: "Goran Jovanovic" <[EMAIL PROTECTED]>
To:
Sent: Friday, June 16, 2006 6:04 PM
Subject: RE: [Declude.Virus] new virus
My F-Prot is finding it but it does not know what it is. Both the M
Behalf Of
> Colbeck, Andrew
> Sent: Friday, June 16, 2006 5:31 PM
> To: declude.virus@declude.com
> Subject: RE: [Declude.Virus] new virus
>
> This is what I've received recently:
>
>
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR%5FB
> REPBO
eclude.com
> Subject: RE: [Declude.Virus] new virus
>
> It might be this, if my F-Prot is more up to date than yours,
> as mine has identified a few zip files with a plus sign in
> the name as W32/Brepibot.gen
>
> http://www.f-secure.com/weblog/archives/archive-062006.html#0
y use.
Andrew 8)
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Ncl Admin
> Sent: Friday, June 16, 2006 2:03 PM
> To: declude.virus@declude.com
> Subject: Re: [Declude.Virus] new virus
>
> Yes,
>
> 04dotzip just came
Yes,
04dotzip just came through here but McAfee stopped it. But F-prot not
getting it.
At 04:30 PM 6/16/2006 -0400, you wrote:
Is anyone else seeing new virus zip files getting past F-Prot?
the last one was just numbers.zip
Earlier a few came through with name.zip
Bruce Loughlin
---
T
If they are encrypted zips ensure you
have:
BANEXT EZIP
in your virus.cfg
David B
www.declude.com
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bruce Loughlin
Sent: Friday, June 16, 2006 4:31 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] new virus
Is anyone else seeing new virus zip files getting past F-Prot?
the last one was just numbers.zip
Earlier a few came through with name.zip
Bruce Loughlin
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
> On Behalf Of John T (Lists)
> Sent: Saturday, February 25, 2006 9:04 AM
> To: Declude.Virus@declude.com
> Subject: [Declude.Virus] New Virus?
>
> Seeing HQX, BHX and UUEs being blocked this morning.
>
> John T
> eSer
Seeing HQX, BHX and UUEs being blocked this morning.
John T
eServices For You
"Seek, and ye shall find!"
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
Mark Reimer
Sent: Wednesday, January 18, 2006 1:43 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] New Virus?
Should we be blocking .mim file types? One of the new viruses that was
blocked was a .mim file type. What is it used for?
Mark Reimer
IT Project Manager
Ame
Gufler
Sent: Wednesday, January 18, 2006 1:39 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] New Virus?
That's exactly how I use the notifications.
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Colbeck,
Andre
That's exactly how I use the notifications.
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Wednesday, January 18, 2006 12:48 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] New Virus?
I agree compl
e.Virus@declude.com
> Subject: RE: [Declude.Virus] New Virus?
>
> I've seen many of this Kapser.A today. I've added it to the
> forging virus list and (oops) forgot to write it on the
> Declude.Virus list.
>
> As we can see more and more that AV-Companies has fo
ary 17, 2006 3:36 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] New Virus?
Regarding the names, this is why I would recommend that people
completely abandon any form of postmaster and sender bounce messages
for detected viruses...it's just too much to keep
ons always turn out to be flagging a new
worm.
Andrew.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Tuesday, January 17, 2006 3:36 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] New Virus?
Regarding the names, this is why I would
c if someone could point me to the right
way to do that; they're the only big name that doesn't detect this
malware.
Andrew.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Mark Reimer
Sent: Monday, January 16, 2006 12:42 PM
To: Declude.V
us@declude.com
> Subject: RE: [Declude.Virus] New Virus?
>
> A kapser was detected on my F-Prot based system today.
>
> I'm attaching the output of the scan from virustotal.com for
> your interest.
>
> I also scanned it with my TrendMicro which detects it by a different
y big name that doesn't detect this
malware.
Andrew.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Mark Reimer
> Sent: Monday, January 16, 2006 12:42 PM
> To: Declude.Virus@declude.com
> Subject: RE: [Declude.Virus] New Viru
PM
> To: Declude.Virus@declude.com
> Subject: RE: [Declude.Virus] New Virus?
>
> I think this started happening after I updated my F-prot
> virus defs to 16th.
> Does anyone else see this?
>
> Mark Reimer
> IT Project Manager
> American CareSource
> 214-596-2464
>
, 2006 12:32 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] New Virus?
I saw an entry in my virus log today for [EMAIL PROTECTED] Has anyone else
seen this? I cannot find any information on it.
Mark Reimer
IT Project Manager
American CareSource
214-596-2464
---
[This E-mail has been
I saw an entry in my virus log today for [EMAIL PROTECTED] Has anyone else
seen this? I cannot find any information on it.
Mark Reimer
IT Project Manager
American CareSource
214-596-2464
---
[This E-mail has been scanned for viruses]
6 PM
Subject: Re: [Declude.Virus] New Virus Strain Pounding my systems
Yep.
I've added several more today, but haven't had time to research all of the
Bagle, MyTob, and Sober variants to see if this is an exhaustive list of
attachments.
BANNAME accept-terms.zip
BANNAME accepted-pa
ubject: Re: [Declude.Virus] New Virus Strain Pounding my systems
Darin,
Would you add these to virus.cfg? Similar to BANEXT?
Thanks,
Dan
- Original Message -
From: "Darin Cox" <[EMAIL PROTECTED]>
To:
Sent: Monday, November 21, 2005 5:04 PM
Subject: Re: [Declude.V
Darin,
Would you add these to virus.cfg? Similar to BANEXT?
Thanks,
Dan
- Original Message -
From: "Darin Cox" <[EMAIL PROTECTED]>
To:
Sent: Monday, November 21, 2005 5:04 PM
Subject: Re: [Declude.Virus] New Virus Strain Pounding my systems
For those of us poor sap
2, 2005 10:57 AM
Subject: Re: [Declude.Virus] New Virus Strain Pounding my systems
Point well taken... Problem is that prior to virus writers exploiting zip
files we pounded it into everyone's head to use zip files... can't win for
losing. I will spend a day grabbing copies and see what that rama
ed at for
holding up a million dollar real-estate deals.
Rick Davidson
National Systems Manager
North American Title Group
-
- Original Message -
From: "Kevin Bilbee" <[EMAIL PROTECTED]>
To:
Sent: Monday, November 21, 2005 9:13 PM
Subject: RE: [Declude.Virus] New Vir
m
> Subject: Re: [Declude.Virus] New Virus Strain Pounding my systems
>
>
> I would but my conundrum is that we receive a lot of our loan packages in
> executable format and the lenders could care less about what I have to say
> about that... So I have to temporarily block them then hav
k Davidson
Sent: Monday, November 21, 2005 12:12 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] New Virus Strain Pounding my systems
It is coming in with a lot of different zip file names and body names now, I
blocked all zip files and submitted samples
I am really getting hit
o_Text.zip
BANNAME RTL-Admin_Text.zip
BANNAME RTL_Text.zip
BANNAME Webmaster_Text.zip
BANNAME RTL-TV_Text.zip
Darin.
- Original Message -
From: "John T (Lists)" <[EMAIL PROTECTED]>
To:
Sent: Monday, November 21, 2005 4:53 PM
Subject: RE: [Declude.Virus] New Virus Strain Po
Title Group
> 440-639-0607 - Office
> 951-233-6342 - Mobile
> [EMAIL PROTECTED]
> -
> - Original Message -
> From: "Matt" <[EMAIL PROTECTED]>
> To:
> Sent: Monday, November 21, 2005 2:51 PM
> Subject: Re: [Declude.Virus] New Virus Strain Pounding
005 12:12 PM
> To: Declude.Virus@declude.com
> Subject: Re: [Declude.Virus] New Virus Strain Pounding my systems
>
> It is coming in with a lot of different zip file names and body names now, I
> blocked all zip files and submitted samples
>
> I am really getting hit hard
ng to do with Hilton &
Richie should be handled by the CDC. :)
John C
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Davidson
Sent: Monday, November 21, 2005 2:12 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] New Virus Strain Pounding
Message -
From: "Matt" <[EMAIL PROTECTED]>
To:
Sent: Monday, November 21, 2005 2:51 PM
Subject: Re: [Declude.Virus] New Virus Strain Pounding my systems
McAfee is detecting this currently as W32/[EMAIL PROTECTED] F-Prot is still
missing it. My first hit was at 2:08 p
ther viruses today have been
[EMAIL PROTECTED] viruses
Kevin Bilbee
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Rick Davidson
> Sent: Monday, November 21, 2005 11:34 AM
> To: Declude.virus@declude.com
> Subject: [Declude.Virus] New
McAfee is detecting this currently as W32/[EMAIL PROTECTED] F-Prot is still
missing it. My first hit was at 2:08 p.m. EST, just 40 minutes ago and
McAfee seems to have had this one tagged prior to the outbreak starting
since none have slipped through yet.
Matt
Rick Davidson wrote:
heads
Sent: Monday, November 21, 2005 11:34 AM
> To: Declude.virus@declude.com
> Subject: [Declude.Virus] New Virus Strain Pounding my systems
>
> heads up folks, I am stopping a new zip virus with the following junkmail
> rules, this is all I have seen so far. Contains an exacu
heads up folks, I am stopping a new zip virus with the following junkmail
rules, this is all I have seen so far. Contains an executable payload called
File-packed_dataInfo.exe
BODY 0 CONTAINS mailtext.zip
BODY 0 CONTAINS downloadm.zip
BODY 0 CONTAINS "mail.zip"
BODY 0 CONTAINS reg_pass-
om: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gianbattista
Toffetti Carughi
Sent: Tuesday, May 31, 2005 9:59 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] New virus out?
This is a report processed by VirusTotal on 05/31/2005 at 17:52:48 (CET)
after scanning t
t: Tuesday, May 31, 2005 6:39 PM
Subject: RE: [Declude.Virus] New virus out?
Yes, a new Bagle and MyTob are out.
See:
http://isc.sans.org/diary.php?date=2005-05-31
http://www.viruslist.com/en/weblog
My current F-Prot *.def is detecting this as a suspicious file (return
code = 8); I've on
WORM_MyTob.BI
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2EBI&VSect=P
Andrew 8)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Tuesday, May 31, 2005 8:00 AM
To: Declude.Virus@declud
1 AM
Subject: RE: [Declude.Virus] New virus out?
I've gotten a few:
26KB files named 1.zip, 7.zip and work.zip so far
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darrell
([EMAIL PROTECTED])
Sent: Tuesday, May 31, 2005 11:22 AM
To: Declude.Viru
I've gotten a few:
26KB files named 1.zip, 7.zip and work.zip so far
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darrell
([EMAIL PROTECTED])
Sent: Tuesday, May 31, 2005 11:22 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] New
PROTECTED])
> Sent: Tuesday, May 31, 2005 8:22 AM
> To: Declude.Virus@declude.com
> Subject: Re: [Declude.Virus] New virus out?
>
> John,
>
> What do the filenames appear to be - any pattern either filename, subject,
> body content etc?
>
> Darrell
>
> John