New virus intercepted

Ugo Bellavance ugob at CAMO-ROUTE.COM
Mon Aug 22 18:46:17 IST 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Randal, Phil wrote:
> This should be a FAQ:
> 
> Submit samples to:
> 
>   http://virusscan.jotti.org/
> 
>   http://www.virustotal.com/
> 
>   http://cgi.clamav.net/sendvirus.cgi
> 
> 

Feel free to write something about it on the wiki:
http://wiki.mailscanner.info

> Cheers,
> 
> Phil
> ----
> Phil Randal
> Network Engineer
> Herefordshire Council
> Hereford, UK  
> 
> 
>>-----Original Message-----
>>From: MailScanner mailing list 
>>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Denis Beauchemin
>>Sent: 18 August 2005 13:58
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Re: New virus intercepted
>>
>>Denis Beauchemin wrote:
>>
>>
>>>Hello All,
>>>
>>>Last night we received many hundreds EXE files infected by 
>>>Backdoor.Win32.Dumador.dk, according to Kaspersky.  No other virus 
>>>scanner I have detected anything suspicious: McAfee, 
>>
>>Bitdefender and 
>>
>>>ClamAV all said there was nothing wrong in the files.
>>>
>>>All files seem to be the same length (26112 bytes) and came 
>>
>>from many 
>>
>>>different IPs.  They all have strange names (looks like random
>>>characters) ending in .exe.
>>>
>>>I'm glad I don't let EXE/BAT/PIF/... files through!
>>>
>>>Denis
>>>
>>
>>Overall we blocked 512 EXE on one of our external servers 
>>yesterday and no more than 3 came from the same IP.  On the 
>>other external server, we blocked 525 EXE and no more than 4 
>>came from the same IP...
>>
>>Funny thing: we received them from midnight to 1:35 and then 
>>nothing until 17:36 (5:36PM).  It stopped at about 19:36 
>>(7:36PM) to not be seen again...
>>
>>Still nothing detected by McAfee, Bitdefender or ClamAV...
>>
>>Denis
>>PS: We've been told that McAfee will detect it with the 
>>extra.dat so I am about to download it.  It would be nice it 
>>mcafee-autoupdate -e worked as advertised...
>>usage: /usr/lib/MailScanner/mcafee-autoupdate [-dfrtv] 
>>[-Rnnn] [-Innn] [proxy] [prefix]
>>  -d      delete old files
>>  -e      get extra.dat
>>  -f      force update
>>  -r      show README
>>  -t      timestamp output
>>  -v      verbose
>>  -R      number of retries
>>  -I      retry interval
>>  proxy   URL of FTP/HTTP proxy server
>>  prefix  uvscan installation directory
>>
>>-- 
>>   _
>>  °v°   Denis Beauchemin, analyste
>> /(_)\  Université de Sherbrooke, S.T.I.
>>  ^ ^   T: 819.821.8000x2252 F: 819.821.8045
>>
>>
>>
>>------------------------ MailScanner list 
>>------------------------ To unsubscribe, email 
>>jiscmail at jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the Wiki (http://wiki.mailscanner.info/) 
>>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>>
> 
> 


-- 
Ugo

-> Please don't send a copy of your reply by e-mail.  I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the
irrelevant parts in your replies.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list