OT: Particular String showing up today

Ken Rice krice at SERVERSANDSOLUTIONS.COM
Tue Apr 20 20:38:12 IST 2004


I apologize for this OT post, so perhaps replies can be emailed to me off list, please?

I've seen several of these today, and ClamAv doesn't catch them all, but MS does.

The pattern in the Report: is basically the same, in the form of:

www.[DOMAIN].com.[USERNAME].session-0000NNNN.com)

Just curious if others have seen this.
At first, I thought I had more "juice" to get the Windows/Web people to start Obfuscating email addresses on my
companies' web pages, but that's another story.

It's the session-nnnnnnn.com that intrigues me.

thank you,

Ken Rice

An example of ClamAV nailing it along with MS:

The following e-mail messages were found to have viruses in them:

    Sender: [deleted]
IP Address: 67.22.83.126
 Recipient: [deleted]
   Subject: Delivery failure notice (ID-00003132)
 MessageID: i3KJLg126092
    Report: ClamAV Module: www.[deleted].com.[usernamedeleted].session-00003132.com was infected: Worm.SomeFool.Y
            MailScanner: Executable DOS/Windows programs are dangerous in email
(www.[deleted].com.[usernamedeleted].session-00003132.com)



More information about the MailScanner mailing list