New Trojan
Randal, Phil
prandal at herefordshire.gov.uk
Thu Jul 24 15:28:09 IST 2008
Different trojan, which ClamAv has been catching for days.
Cheers,
Phil
--
Phil Randal
Networks Engineer
Herefordshire Council
Hereford, UK
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Anthony
Peacock
Sent: 24 July 2008 15:19
To: MailScanner discussion
Subject: Re: New Trojan
Randal, Phil wrote:
> Not according to VirusTotal!
>
> ClamAV, Microsoft, and VBA32 are the only ones which detect my sample.
OK, it may have morphed, but Sophos has been detecting something in the
UPS invoice zip files, which clamav didn't since the weekend.
"The following e-mails were found to have: Virus Detected
Sender: tequilas25 at hotmail.com
IP Address: 75.147.196.1
Recipient: ecits-enquiries at chime.ucl.ac.uk,
ecm-support at chime.ucl.ac.uk
Subject: UPS Tracking Number 7282167863
MessageID: m6M1QGRq014777
Quarantine: /var/spool/MailScanner/quarantine/20080722/m6M1QGRq014777
Report: SophosSAVI: UPS_INVOICE_978172.zip was infected by
Troj/Agent-HFZ"
As I say, I have no way of knowing if this is the same thing as what you
are seeing, but Sophos detected it and clamav didn't, and it was coming
in similar emails to those you are describing.
--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
Study Health Informatics - Modular Postgraduate Degree
http://www.chime.ucl.ac.uk/study-health-informatics/