New virus?

Remco Barendse mailscanner at BARENDSE.TO
Tue May 11 16:38:58 IST 2004


It's really strange, 3 different people report 3 different destinations
with this thing.

I ended up at the Spanish ISP's web page too (Terra) not the pr0n page
Julian found (guess I isn't my lucky day :) but anyways)

I tried ClamAV, mcafee and f-prot so far, neither of those 3 is picking
them up, even after the latest updates.


On Tue, 11 May 2004, Martin Hepworth wrote:

> Remco
>
> Clamav catches it... sophos doesn't - have sent off samples..
>
> also a bagle zip varient hitting my site - no passwd image where there
> should be one and the zip isn't encrypted so it sails past MS. Looks
> like a broken one..
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Remco Barendse wrote:
> > We are receiving messages that contain only a link in the body. I cannot
> > confirm it is a virus but it is mass mailed and is pretending to be
> > something else.
> >
> > This is the complete contents of the df file of the virus (I would NOT
> > open the url on a Winblows box!):
> >
> > <HTML><HEAD></HEAD><BODY bgColor=#ffffff><DIV><FONT face=Arial
> > size=2><BR><A href="http://drs.yahoo.com/ecem.com/NEWS/*http://
> > www.security-warning.biz/personal6/maljo24/www.YAHOO.com/#http://drs.yahoo.com/ecem.com/NEWS">http://drs.yahoo.com/ecem.com/NE
> > WS</A></FONT></DIV></BODY></HTML>
> >
> > It is not detected up by 3 different virus scanner and I could not
> > find any info about it in google.
> >
> > I tried downloading the webpage but did not succeed.
> >
> > Can we block such constructed url's in MailScanner?
> >
> > -------------------------- MailScanner list ----------------------
> > To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> > Before posting, please see the Most Asked Questions at
> > http://www.mailscanner.biz/maq/     and the archives at
> > http://www.jiscmail.ac.uk/lists/mailscanner.html
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html



More information about the MailScanner mailing list