New virus intercepted

Randal, Phil prandal at HEREFORDSHIRE.GOV.UK
Thu Aug 18 14:33:35 IST 2005



This should be a FAQ:

Submit samples to:

  http://virusscan.jotti.org/

  http://www.virustotal.com/

  http://cgi.clamav.net/sendvirus.cgi


Cheers,

Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Denis Beauchemin
> Sent: 18 August 2005 13:58
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: New virus intercepted
> 
> Denis Beauchemin wrote:
> 
> > Hello All,
> >
> > Last night we received many hundreds of EXE files infected by
> > Backdoor.Win32.Dumador.dk, according to Kaspersky.  No other virus
> > scanner I have detected anything suspicious: McAfee, Bitdefender and
> > ClamAV all said there was nothing wrong in the files.
> >
> > All files seem to be the same length (26112 bytes) and came from many
> > different IPs.  They all have strange names (looks like random
> > characters) ending in .exe.
> >
> > I'm glad I don't let EXE/BAT/PIF/... files through!
> >
> > Denis
> >
> Overall we blocked 512 EXE on one of our external servers 
> yesterday and no more than 3 came from the same IP.  On the 
> other external server, we blocked 525 EXE and no more than 4 
> came from the same IP...
> 
> Funny thing: we received them from midnight to 1:35 and then 
> nothing until 17:36 (5:36PM).  It stopped at about 19:36 
> (7:36PM) to not be seen again...
> 
> Still nothing detected by McAfee, Bitdefender or ClamAV...
> 
> Denis
> PS: We've been told that McAfee will detect it with the 
> extra.dat so I am about to download it.  It would be nice if 
> mcafee-autoupdate -e worked as advertised...
> usage: /usr/lib/MailScanner/mcafee-autoupdate [-dfrtv] 
> [-Rnnn] [-Innn] [proxy] [prefix]
>   -d      delete old files
>   -e      get extra.dat
>   -f      force update
>   -r      show README
>   -t      timestamp output
>   -v      verbose
>   -R      number of retries
>   -I      retry interval
>   proxy   URL of FTP/HTTP proxy server
>   prefix  uvscan installation directory
> 
> -- 
>    _
>   °v°   Denis Beauchemin, analyste
>  /(_)\  Université de Sherbrooke, S.T.I.
>   ^ ^   T: 819.821.8000x2252 F: 819.821.8045
> 
> 
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 
