New virus??
Pete Russell
pete at ENITECH.COM.AU
Tue Mar 1 13:16:18 GMT 2005
Bitdefender on FreeBSD didn't detect any of them, BD on rhel4 detected
loads :(
Anyone using Bitdefender on FreeBSD wanna give me any off list tips?
Runald, Patrik wrote:
> It's been a busy morning. All in all we've found five new variants of
> Bagle two of which could be
> considered trojans and not e-mail worms as they don't actively spread
> via e-mail. Some AV vendors
> might detect some of them using the same name for two or more variants.
>
> Regards,
> Patrik
>
> ---
> Patrik Runald,
> Technical Manager
> F-Secure UK
>
>
> ------------------------------------------------------------------------
> *From:* MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]
> *On Behalf Of *Steen, Glenn
> *Sent:* Tuesday, March 01, 2005 12:34 PM
> *To:* MAILSCANNER at JISCMAIL.AC.UK
> *Subject:* Re: New virus??
>
> Did more or less the same and got an extra.dat from McAfee that
> identifies at
> least two (different) types as "W32/Bagle.dldr (ED) virus", while
> still missing the
> third variant we've gotten (so far). Of course submitted that one too.
>
> Boy am I glad for BitDefender today... Got the first ones
> "heuristically" as
> "BehavesLike:Win32.SiteHijack" and (after a virus update) either
> "Win32.Bagle.BF@mm" or "Trojan.Bagle.BE"...
> And these would have gotten
> through (well, most at least, since Clam would have gotten the
> "Trojan.Bagle.BE"
> as "Trojan.Small-57-3") if I'd just relied on McAfee and Clamav.
>
> -- Glenn
>
> -----Original Message-----
> *From:* MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] *On Behalf Of *Randal, Phil
> *Sent:* den 1 mars 2005 12:21
> *To:* MAILSCANNER at JISCMAIL.AC.UK
> *Subject:* Re: New virus??
>
> We've received a couple of dozen since around 01:30 GMT.
>
> I've submitted a sample to virustotal.com, jotti.org, clamav.net
> and McAfee's webimmune.net.
>
> virustotal.com identifies it as W32.Bagle.bg (Kaspersky),
> W32/Bagle.bl (F-Prot).
>
> virusscan.jotti.org calls it various things -
> Trojan.Dropper.Win32.FreshBind.11.b (and variants thereof).
>
> webimmune.net detected it heuristically as a Bagle variant, but
> McAfee's latest daily test DATs didn't pick it up.
>
> Well done Bitdefender.
>
> Cheers,
>
> Phil
>
> ----
> Phil Randal
> Network Engineer
> Herefordshire Council
> Hereford, UK
>
>
>
> ------------------------------------------------------------------------
> *From:* MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] *On Behalf Of *Roger Jochem
> *Sent:* 01 March 2005 09:05
> *To:* MAILSCANNER at JISCMAIL.AC.UK
> *Subject:* Re: New virus??
>
> I'm receiving lots of these warnings too, only from
> bitdefender...
>
> ----- Original Message -----
> *From:* David While <David.While at UCE.AC.UK>
> *To:* MAILSCANNER at JISCMAIL.AC.UK
> *Sent:* Tuesday, March 01, 2005 6:30 AM
> *Subject:* New virus??
>
> I have just started to receive the following warnings.
> It appears that only Bitdefender currently spots this
> virus (I run Bitdefender, ClamAV, F-Prot and Antivir).
>
> Anyone else seeing it??
>
>
> The following e-mails were found to have: Bad Filename
> Detected : Virus Detected
>
> Sender: xxxx at xxxxxxxxxx
>
> IP Address: 65.116.165.251
>
> Recipient: belfast at boys-brigade.org.uk
>
> Subject:
>
> MessageID: j215N9QK011410
>
> Report: Bitdefender: Found virus
> BehavesLike:Win32.SiteHijack in file price_new.zip
>
> Bitdefender: Found virus BehavesLike:Win32.SiteHijack in
> file prs_03.exe
>
> MailScanner: Executable DOS/Windows programs are
> dangerous in email (prs_03.exe)
>
> No programs allowed (prs_03.exe)
>
> Report: Bitdefender: Found virus
> BehavesLike:Win32.SiteHijack in file prs_03.exe
>
> MailScanner: Executable DOS/Windows programs are
> dangerous in email (prs_03.exe)
>
> No programs allowed (prs_03.exe)
>
>
>
> --
>
> MailScanner
>
> Email Virus Scanner
>
> _www.mailscanner.info_
>
> ------------------------ MailScanner list
> ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
> and the archives
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> *Support MailScanner development - buy the book off the
> website!*