New Trojan
Anthony Peacock
a.peacock at chime.ucl.ac.uk
Thu Jul 24 15:18:55 IST 2008
Randal, Phil wrote:
> Not according to VirusTotal!
>
> ClamAV, Microsoft, and VBA32 are the only ones which dtect my sample.
OK, it may have morphed, but Sophos has been detecting something in the
UPS invoice zip files, which clamav didn't since the weekend.
"The following e-mails were found to have: Virus Detected
Sender: tequilas25 at hotmail.com
IP Address: 75.147.196.1
Recipient: ecits-enquiries at chime.ucl.ac.uk, ecm-support at chime.ucl.ac.uk
Subject: UPS Tracking Number 7282167863
MessageID: m6M1QGRq014777
Quarantine: /var/spool/MailScanner/quarantine/20080722/m6M1QGRq014777
Report: SophosSAVI: UPS_INVOICE_978172.zip was infected by
Troj/Agent-HFZ"
As I say, I have no way of knowing if this is the same thing as what you
are seeing, but Sophos detected it and clamav didn't, and it was coming
in similar emails to those you are describing.
--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
Study Health Informatics - Modular Postgraduate Degree
http://www.chime.ucl.ac.uk/study-health-informatics/
More information about the MailScanner
mailing list