JPEG Virus
Quentin Campbell
Q.G.Campbell at NEWCASTLE.AC.UK
Tue Sep 28 16:40:47 IST 2004
Further to my earlier message which suggested that up to date Sophos and
McAfee A-V engines & data files did not catch the MS04-028 trojan,
subsequent tests indicate that both do.
Quentin
---
PHONE: +44 191 222 8209 Information Systems and Services (ISS),
University of Newcastle,
Newcastle upon Tyne,
FAX: +44 191 222 8765 United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."
>-----Original Message-----
>From: MailScanner mailing list
>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson
>Sent: 28 September 2004 15:11
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: JPEG Virus
>
>I went to the web site, downloaded the virus they had posted, and
>fed it to both Sophos and Clam (08.80rc3). Both detected it, as:
>
>=== Checking virus-jpeg.zip with Sophos sweep
>>>> Virus 'Exp/MS04-028' found in file virus-jpeg.zip/possibleVirus.jpg
>
>=== Checking virus-jpeg.zip with ClamAV clamscan
>Scanning virus-jpeg.zip
>virus-jpeg.zip: Exploit.JPEG.Comment FOUND
>
>So at least the anti-virus people are not snoozing...
>
>Jeff Earickson
>Colby College
>
>On Tue, 28 Sep 2004, Spicer, Kevin wrote:
>
>> Date: Tue, 28 Sep 2004 09:35:36 +0100
>> From: "Spicer, Kevin" <Kevin.Spicer at BMRB.CO.UK>
>> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
>> To: MAILSCANNER at JISCMAIL.AC.UK
>> Subject: JPEG Virus
>>
>> Looks like the first jpeg virus has hit. Theres a
>discussion going on
>> on Slashdot right now. Easynews found it in a couple of
>usenet posts.
>> See here for their analysis....
>> http://www.easynews.com/virus.html
>>
>>
>>
>> BMRB International
>> http://www.bmrb.co.uk
>> +44 (0)20 8566 5000
>> _________________________________________________________________
>> This message (and any attachment) is intended only for the
>> recipient and may contain confidential and/or privileged
>> material. If you have received this in error, please contact the
>> sender and delete this message immediately. Disclosure, copying
>> or other action taken in respect of this email or in
>> reliance on it is prohibited. BMRB International Limited
>> accepts no liability in relation to any personal emails, or
>> content of any email which does not directly relate to our
>> business.
>>
>>
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
More information about the MailScanner
mailing list