Hello Sniffer folks, There are several new virii mutations out this morning. We have rules in place to capture most of them and the rules are performing very well.
HOWEVER, we do expect these and the new spam variants that launched with them (including variants of "druglist" and "SaveOnMeds") to mutate rapidly. One of the more effective virii rules (at the moment) is 572301 which has already reached a strength of 2.8772653655 after only a couple of hours. In general the messages carrying this virus and it's cousins appear to have: a blank subject, a short html containing a single word of text followed by a pair of <br>, and a .zip file attachment with a name that includes a _ character. Many of the .zip files contain a .com executable of the same name. Since several new spam and virus variants began arriving at almost the same moment they appear to be a "coordinated attack". Just a heads up. Hope this helps, Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) Chief Scientist (www.armresearch.com) This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
