Price zip?

Jan-Peter Koopmann Jan-Peter.Koopmann at SECEIDOS.DE
Tue Aug 10 11:20:12 IST 2004


On Monday, August 09, 2004 11:17 PM MailScanner mailing list wrote:

> I am now catching messages containing this virus for 8 different
> reasons: 

I can beat that:

F-Secure: ./1BuJoS-000BHj-Ex/price.exe: Infected: I-Worm.Bagle.al [AVP] 
McAfee: /1BuJoS-000BHj-Ex/price.exe Found the W32/Bagle.dll.dr trojan
!!!
ClamAV: price.exe contains Worm.Bagle.AI 
AntiVir: ALERT: [Worm/Bagle.AQ.drp worm] ./1BuJoS-000BHj-Ex/price.exe
<<< Contains signature of the worm Worm/Bagle.AQ.drp
MailScanner: Executable DOS/Windows programs are dangerous in email
(price.exe) No programs allowed (price.exe)

F-Secure: [./1BuJoS-000BHj-Ex/price_08.zip] price.html: Infected:
Exploit.CodeBaseExec [AVP] 
F-Secure: [./1BuJoS-000BHj-Ex/price_08.zip] price/price.exe: Infected:
I-Worm.Bagle.al [AVP]
McAfee: /1BuJoS-000BHj-Ex/price_08.zip Found the W32/Bagle.aq!zip virus
!!!
ClamAV: price_08.zip contains Trojan.JS.RunMe 
AntiVir: ALERT: [TR/RunMe.Dldr.1 virus] ./1BuJoS-000BHj-Ex/price_08.zip
--> price.html <<< The Trojan horse TR/RunMe.Dldr.1
AntiVir: ALERT: [Worm/Bagle.AQ.drp worm] ./1BuJoS-000BHj-Ex/price_08.zip
--> price/price.exe <<< Contains signature of the worm Worm/Bagle.AQ.drp
F-Secure: ./1BuJoS-000BHj-Ex/price.exe: Infected: I-Worm.Bagle.al [AVP]
McAfee: /1BuJoS-000BHj-Ex/price.exe Found the W32/Bagle.dll.dr trojan
!!!
ClamAV: price.exe contains Worm.Bagle.AI 
AntiVir: ALERT: [Worm/Bagle.AQ.drp worm] ./1BuJoS-000BHj-Ex/price.exe
<<< Contains signature of the worm Worm/Bagle.AQ.drp
MailScanner: Executable DOS/Windows programs are dangerous in email
(price.exe)
No programs allowed (price.exe)
F-Secure: ./1BuJoS-000BHj-Ex/price.html: Infected: Exploit.CodeBaseExec
[AVP]
McAfee: /1BuJoS-000BHj-Ex/price.html/0000007b.js Found the JS/IllWill
trojan !!!
ClamAV: price.html contains Trojan.JS.RunMe 
AntiVir: ALERT: [TR/RunMe.Dldr.1 virus] ./1BuJoS-000BHj-Ex/price.html
<<< The Trojan horse TR/RunMe.Dldr.1
F-Secure: ./1BuJoS-000BHj-Ex/price.html: Infected: Exploit.CodeBaseExec
[AVP] 
McAfee: /1BuJoS-000BHj-Ex/price.html/0000007b.js Found the JS/IllWill
trojan !!!
ClamAV: price.html contains Trojan.JS.RunMe 
AntiVir: ALERT: [TR/RunMe.Dldr.1 virus] ./1BuJoS-000BHj-Ex/price.html
<<< The Trojan horse TR/RunMe.Dldr.1


All from one mail... Some seem to discover this as Bagle.al, others as
Bagle.AQ (which seems to be the correct name).

Kind regards,
  JP
