Heads UP: Suspicious file not detected by most virusscanners.

Stijn Jonker SJCJonker at SJC.NL
Fri Jun 3 07:11:23 IST 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello all,

I just received 2 copies of an mail containing a text that Osama Bin
Laden was captured, with an attachment of pics.zip (900 bytes).

Virustotal.com didn't report anything really usefull back, will be doing
my rounds through the submissions sites of mcafee,norman, symantec and
clamav.

Output of virustotal.com:
Antivirus	Version	Update	Result
AntiVir	6.30.0.15	06.02.2005	Heuristic/Trojan.Downloader
AVG	718	06.02.2005	no virus found
Avira	6.30.0.15	06.02.2005	Heuristic/Trojan.Downloader
BitDefender	7.0	06.02.2005	BehavesLike:Trojan.Downloader
ClamAV	devel-20050501	06.02.2005	Trojan.Downloader.Small-561
DrWeb	4.32b	06.02.2005	no virus found
eTrust-Iris	7.1.194.0	06.02.2005	no virus found
eTrust-Vet	11.9.1.0	06.02.2005	no virus found
Fortinet	2.27.0.0	06.03.2005	W32/Gifget.A-tr
Ikarus	2.32	06.03.2005	no virus found
Kaspersky	4.0.2.24	06.03.2005	Trojan-Downloader.Win32.Small.axr
McAfee	4505	06.02.2005	no virus found
NOD32v2	1.1124	06.02.2005	probably unknown NewHeur_PE virus
Norman	5.70.10	06.03.2005	W32/Downloader
Panda	8.02.00	06.02.2005	no virus found
Sybari	7.5.1314	06.03.2005	W32/Downloade
Symantec	8.0	06.02.2005	no virus found
VBA32	3.10.3	06.02.2005	no virus found


- --
Met Vriendelijke groet/Yours Sincerely
Stijn Jonker <SJCJonker at sjc.nl>
-----BEGIN PGP SIGNATURE-----

iD8DBQFCn/SLjU9r45tKnOARAoMyAJ9ojcSzzpMctIV7DWNUgveUhImfqwCfW5Mt
7MMBmTHfBqYwZ6RgQWdecIU=
=0Qxy
-----END PGP SIGNATURE-----

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list