New virus

Spicer, Kevin KevinS at BMRB.CO.UK
Thu Jan 12 12:17:15 GMT 2006


Typical, that arrived around the same time I sent the message.  However,
my point really was not the virus itself, but the attack vector which
isn't (I think) caught by anything other than the AV scanners.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Craig Retief (CSFS)
Sent: 12 January 2006 11:53
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: [MAILSCANNER] New virus

ClamAV has been updated to 1239, which includes the virus.

Notification from ClamAV follows:

ClamAV database updated (2006-Jan-12 11:36 +0000): daily.cvd
version: 1239

Submission: 196768
Sender: Anonymous
Submission notes: Same as 197535.
Added: No

Submission: 197535
Sender: Alex
Added: JS.Feebs.C
Added: Worm.Feebs.C
Added: Worm.Feebs.C-rkit
Virus name alias: Worm.Win32.Feebs.k (Kaspersky AVP)

Submission: 197678
Sender: Anonymous
Submission notes: Same as 197535.
Added: No

Best regards,
Diego d'Ambra




See below...

http://isc.sans.org/diary.php?storyid=1035

Has anyone seen these?  Looks like an interesting attack vector; I don't
think these files would be blocked by any of the default rules - so we
have to rely on AV only.

For now we're blocking those domains on our web proxies and blocking
message.zip in MailScanner.

-- 
Kevin Spicer
Unix Systems Specialist
Millward Brown UK Limited


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
