RE: [sniffer] New Spam/Virus?

[Colbeck, Andrew]

Title: Message

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2EDV http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]   This is the virus that I was seeing.  The one that Jim and others are seeing may be this MyTob, whose description was still pending when I was at Trend's site:   http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2EDW   and may be the same as:   http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]   Andrew 8) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Monday, June 06, 2005 2:41 PM To: sniffer@SortMonster.com Subject: RE: [sniffer] New Spam/Virus? I'm seeing what Scott sees, but the payload is an encrypted zip.   VirusTotal.com says:    This is a report processed by VirusTotal on 06/06/2005 at 23:40:17 (CET) after scanning the file "DBB05F6330082B871.SMD" file. Antivirus Version Update Result AntiVir 6.30.0.15 06.06.2005 no virus found AVG 718 06.06.2005 no virus found Avira 6.30.0.15 06.06.2005 no virus found BitDefender 7.0 06.06.2005 no virus found ClamAV devel-20050501 06.06.2005 Worm.Mytob.CO DrWeb 4.32b 06.06.2005 Win32.HLLM.MyDoom.44 eTrust-Iris 7.1.194.0 06.05.2005 no virus found eTrust-Vet 11.9.1.0 06.06.2005 no virus found Fortinet 2.27.0.0 06.06.2005 W32/MyTob.EN-mm Ikarus 2.32 06.06.2005 no virus found Kaspersky 4.0.2.24 06.06.2005 Net-Worm.Win32.Mytob.bg McAfee 4507 06.06.2005 Generic Malware.a!zip NOD32v2 1.1131 06.06.2005 Win32/Mytob.DO Norman 5.70.10 06.06.2005 W32/Mytob.GE Panda 8.02.00 06.06.2005 no virus found Sybari 7.5.1314 06.06.2005 W32/Mytob.G Symantec 8.0 06.06.2005 no virus found TheHacker 5.8-3.0 06.06.2005 no virus found VBA32 3.10.3 06.06.2005 Net-Worm.Win32.Mytob.bg VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.       Andrew 8) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Monday, June 06, 2005 2:29 PM To: sniffer@SortMonster.com Cc: Declude.Virus@declude.com Subject: Re: [sniffer] New Spam/Virus? Yes I have seen them too:   email starts with:   Dear Valued Member, According to our site policy you will have to confirm your account by the following link or else your account will be suspended within 24 hours for security reasons. ----- Original Message ----- From: Jim Matuska To: sniffer@SortMonster.com Sent: Monday, June 06, 2005 4:13 PM Subject: [sniffer] New Spam/Virus? Is anyone else seeing a huge rash of spam/virus messages in the last hour or so?  I have multiple users that are getting messages that are forging our own addresses and have a link that appears to go to our website but instead goes elsewhere with a IP address link.  These do not appear to be infecting as file attachments but from the web link itself.  Pete, I have forwarded a few to your spam@ address, let me know what you think.   Jim Matuska Jr. Computer Tech2, CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED]