New virus??
Randal, Phil
prandal at HEREFORDSHIRE.GOV.UK
Tue Mar 1 11:39:17 GMT 2005
Oops, jotti.org identified it as Bagle.bl too.
Must learn to read...
Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
________________________________________________________________________________
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]
On Behalf Of Randal, Phil
Sent: 01 March 2005 11:21
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: New virus??
We've received a couple of dozen since around 01:30 GMT.
I've submitted a sample to virustotal.com, jotti.org, clamav.net
and McAfee's webimmune.net.
virustotal.com identifies it as W32.Bagle.bg (Kapersky),
W32/Bagle.bl (F-Prot).
virusscan.jotti.org calls it various things -
Trojan.Dropper.Win32.FreshBind.11.b (and variants thereof).
webimmune.net detected it heuristically as a Bagle variant, but
McAfee's latest daily test DATs didn't pick it up.
Well done Bitdefender.
Cheers,
Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
________________________________________________________________________________
From: MailScanner mailing list
[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Roger Jochem
Sent: 01 March 2005 09:05
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: New virus??
I'm receiving lots of this warnings too, only from
bitdefender...
----- Original Message -----
From: David While
To: MAILSCANNER at JISCMAIL.AC.UK
Sent: Tuesday, March 01, 2005 6:30 AM
Subject: New virus??
I have just started to receive the following warnings.
It appears that only Bitdefender currently spots this
virus (I run Bitdefender, ClamAV, F-Prot and Antivir).
Anyone else seeing it??
The following e-mails were found to have: Bad Filename
Detected : Virus Detected
Sender: xxxx at xxxxxxxxxxIP Address: 65.116.165.251
Recipient: belfast at boys-brigade.org.uk
Subject:
MessageID: j215N9QK011410
Report: Bitdefender: Found virus
BehavesLike:Win32.SiteHijack in file price_new.zip
Bitdefender: Found virus BehavesLike:Win32.SiteHijack
in file prs_03.exe
MailScanner: Executable DOS/Windows programs are
dangerous in email (prs_03.exe)
No programs allowed (prs_03.exe)
Report: Bitdefender: Found virus
BehavesLike:Win32.SiteHijack in file prs_03.exe
MailScanner: Executable DOS/Windows programs are
dangerous in email (prs_03.exe)
No programs allowed (prs_03.exe)
--
MailScanner
Email Virus Scanner
www.mailscanner.info
------------------------ MailScanner list
------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ
(http://www.mailscanner.biz/maq/)
and the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the
website!
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
and the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list