Silent virus list
Raymond Dijkxhoorn
raymond at PROLOCATION.NET
Fri Sep 19 12:23:43 IST 2003
Hi!
> > At Thu Sep 18 20:03:07 2003 the virus scanner said:
> > F-Prot: Q143675.exe Infection: W32/Swen.A at mm
> > ClamAV: Q143675.exe contains Worm.Gibe.F
> > MailScanner: Executable DOS/Windows programs are dangerous in email (Q143675.exe)
> >
> > See:
> >
> > http://www.f-secure.com/v-descs/swen.shtml
>
> Are you sure this should be on the silent list? From what I can see of
> the copies we've caught, the envelope From address is related to the
> first mail server that the message goes through. Earlier flavours of
> Gibe haven't forged the envelope address either as far as I can see...?
You can be assured that I won't post this just like that...
Examples:
From: Microsoft Corporation Technical Assistance <cxrdnriunp at technet.com>
From: Microsoft Network Message Storage System <webrobot at netmail.net>
We have gotten 5179 of W32/Swen.A at mm today so far.
Did you read the announcement on the page I posted? I think not.
From that page:
The attachment name, subject and part of the infected message is randomly
composed from text strings hardcoded in the worm's body.
The fake sender's address is selected from the following parts:
MS
Microsoft
Corporation
Program
Internet
Network
Security
Division
Section
Department
Center
Technical
Public
Customer
Bulletin
Services
Assistance
Support
It's your pick to put it on the Silent list; I would not hesitate...
Bye,
Raymond.
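
A triage check over From headers built on the word parts quoted in the message above, as an added example that is not part of the original message and not MailScanner code. The function names and the two-word threshold are assumptions; the first two sample headers are the message's own examples with the archive's " at " restored to "@", and the other two are constructed.

```python
import re
from email.utils import parseaddr

# Word parts quoted in the message from the F-Secure description of the worm.
SWEN_SENDER_PARTS = frozenset(w.lower() for w in (
    "MS", "Microsoft", "Corporation", "Program", "Internet", "Network",
    "Security", "Division", "Section", "Department", "Center", "Technical",
    "Public", "Customer", "Bulletin", "Services", "Assistance", "Support",
))

def sender_part_hits(from_header):
    """Return (hits, words): display-name words found in the list, and all words."""
    display_name, _address = parseaddr(from_header)
    words = re.findall(r"[A-Za-z]+", display_name)
    hits = [w for w in words if w.lower() in SWEN_SENDER_PARTS]
    return hits, words

def looks_composed(from_header, min_hits=2):
    """Assumed heuristic: flag a display name with at least min_hits listed words.

    Requiring every word to match would miss the second sample below, whose
    name contains words that are not in the quoted list.
    """
    hits, _words = sender_part_hits(from_header)
    return len(hits) >= min_hits

SAMPLE_HEADERS = [
    # From the message above (address separator restored)
    "Microsoft Corporation Technical Assistance <cxrdnriunp@technet.com>",
    "Microsoft Network Message Storage System <webrobot@netmail.net>",
    # Constructed for comparison
    "Alice Example <alice@example.org>",
    "Customer Care <care@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        hits, words = sender_part_hits(header)
        verdict = "flag" if looks_composed(header) else "pass"
        print(f"{verdict}  {len(hits)}/{len(words)} listed words  {header}")
```

A match only says the display name fits the quoted word list; it is a reason to treat the sender address as untrustworthy for notifications, not proof of infection.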